[Active] Premier Opinion (and very slow laptop)

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by lurla, Feb 7, 2019.

  1. lurla

    lurla Established Techie7 Member

    My 10 yr old's laptop is almost constantly at 100% disk and CPU 90+. It's a few yrs old but still works ok for what he wants it for. I know he has tried to download games that haven't worked (maybe due to his computer) such as Roblox (that used to work) and Fortnite (which I told him was likely too much for his computer). I tried having a look but all I can see is this Premier Opinion that is running and Google says is malware. I'm hoping for some help to get this thing working a little better. Bad enough that it's really loud! lol I did a scan with Avast and nothing showed up except the one I mentioned and it obviously didn't remove it because it's still showing as running.


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
    Ran by Jake (07-02-2019 16:07:21)
    Running from C:\Users\Jake\Downloads
    Windows 10 Home Version 1803 17134.523 (X64) (2018-08-07 19:56:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3070637302-2056889590-1829843764-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3070637302-2056889590-1829843764-503 - Limited - Disabled)
    Guest (S-1-5-21-3070637302-2056889590-1829843764-501 - Limited - Disabled)
    Jake (S-1-5-21-3070637302-2056889590-1829843764-1001 - Administrator - Enabled) => C:\Users\Jake
    WDAGUtilityAccount (S-1-5-21-3070637302-2056889590-1829843764-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-85f384e8-faeb-48a8-8854-75aedf21aa14) (Version: 3.0.2.118 - WildTangent) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 71.0.1037.98 - AVAST Software)
    Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
    Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
    Awakening: The Dreamless Castle (HKLM-x32\...\WTA-1942fc4d-ce20-43af-a5e6-cf8edaa4de45) (Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (HKLM-x32\...\WTA-919ca29c-b54b-4971-b163-0a772bfe5def) (Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-1dc5aaa3-3497-4400-9006-2f23b8d83c0c) (Version: 3.0.2.48 - WildTangent) Hidden
    calibre (HKLM-x32\...\{B67713B4-83B9-496D-8B26-EBC27F10D562}) (Version: 2.85.1 - Kovid Goyal)
    Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
    Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-08509b4b-cbbb-44ff-a99e-40dd918f7d54) (Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (HKLM-x32\...\WTA-3ff72a1c-2bce-41ef-b467-ae6da88e037b) (Version: 3.0.2.59 - WildTangent) Hidden
    Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Hard Time (HKLM-x32\...\Hard Time) (Version: - MDickie)
    Home Makeover (HKLM-x32\...\WTA-a20ca41a-19dd-4e0a-bd40-1dcc67d332bb) (Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-d99a62d4-31c5-4bc7-b4e1-311ea7698a55) (Version: 3.0.2.59 - WildTangent) Hidden
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.7.50.3 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.10.49.21 - HP)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    IGT Slots Fire Rubies (HKLM-x32\...\WTA-44f5d1ee-4fad-4c53-ab0e-efdeee12f04a) (Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-c4332c52-ebce-4876-853c-826dcb7e8bf6) (Version: 3.0.2.59 - WildTangent) Hidden
    Jewel Match Snowscapes (HKLM-x32\...\WTA-0580b873-0ccd-4ce5-8ade-5e1782e82aa9) (Version: 3.0.2.118 - WildTangent) Hidden
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Little Boy: Walter's Scooter (HKLM-x32\...\WTA-ffaa1a54-6dd1-4d1f-8b4e-3f73442078f4) (Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-9541e647-4f4e-4e38-a62a-d04e8233bc96) (Version: 3.0.2.59 - WildTangent) Hidden
    Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-692a9377-cc58-45c8-b8ef-b7e1d3ace27c) (Version: 3.0.2.59 - WildTangent) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
    Plagiarii (HKLM-x32\...\WTA-f4535862-815d-42bf-b8d8-b93e19c197f6) (Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-80b0a5b1-d118-4915-a869-0d0b075d85e4) (Version: 3.0.2.59 - WildTangent) Hidden
    PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.419 - VoiceFive, Inc.) <==== ATTENTION
    PuppetShow: Return to Joyville (HKLM-x32\...\WTA-9ab39b41-6a78-4ecd-b3db-19de39be9599) (Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (HKLM-x32\...\WTA-0fc9fbb6-a5cc-482a-b202-6adc019d9201) (Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
    Regency Solitaire (HKLM-x32\...\WTA-1c934972-1aaa-45f7-a8a6-331440f7073a) (Version: 3.0.2.126 - WildTangent) Hidden
    Roblox Player for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-player) (Version: - Roblox Corporation)
    Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
    Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-studio) (Version: - Roblox Corporation)
    Runefall (HKLM-x32\...\WTA-9f87d66e-86b4-4d40-935a-c36c2a9ee1a7) (Version: 3.0.2.126 - WildTangent) Hidden
    Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
    Scratch 2 Offline Editor (HKLM-x32\...\{6E988774-5309-E02E-7EA8-F19CB65C2063}) (Version: 255 - Massachusetts Institute of Technology) Hidden
    Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 461 - Massachusetts Institute of Technology)
    Stardock Start10 (HKLM\...\Start10_is1) (Version: 1.0 - Stardock Software, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    StudioTax 2016 (HKLM-x32\...\{77DBD10C-44F6-421F-826A-202CEB287790}) (Version: 12.0.5.1 - BHOK IT Consulting)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
    Tasty Blue (HKLM-x32\...\WTA-55787782-2e68-4306-9b6c-d44b00b8ac40) (Version: 3.0.2.59 - WildTangent) Hidden
    The Far Kingdoms (HKLM-x32\...\WTA-adc10ec0-891e-4b6e-b4db-46ee6d5f6b08) (Version: 3.0.2.59 - WildTangent) Hidden
    The Fastest Mouse Clicker for Windows version 1.9.8.2 (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\The Fastest Mouse Clicker for Windows_is1) (Version: 1.9.8.2 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
    The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
    WebM Project Directshow Filters (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {052CC1EE-CDEC-4E9C-A090-0CD183036D91} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {06A4BFAE-A170-4C05-A189-8DBD19FBA346} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2019-01-23] (AVAST Software s.r.o. -> AVAST Software)
    Task: {0AAC2CE2-EBBD-42F7-AEA2-4317984593B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {14DE5A68-79C8-482F-A85E-C337066257E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
    Task: {30781664-400F-4B04-8C46-663306F4E500} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-12-25] (AVAST Software a.s. -> AVAST Software)
    Task: {38415E3D-0481-4FCF-B95D-3713BDA7014D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {4B27BAF1-6507-4940-9771-0E77FA89B5B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (Hewlett Packard -> HP Inc.)
    Task: {51F9C584-CA0F-4891-9F61-14CDB24A3ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc. -> HP Inc.)
    Task: {54CDD5CA-3226-4AD6-A422-A44817E6398F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc. -> HP Inc.)
    Task: {5526E72D-58A0-4A05-BDDE-AD290CE2E84A} - System32\Tasks\HPCeeScheduleForJake => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {5548B3C6-1027-42D9-B6A8-DB97DC9BEB15} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5EBA1901-0999-4606-B343-460CFB1DA384} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {65079A16-07B5-4EF3-97AF-FB8697E2BE1E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {6BFB9FDE-89A5-4EA2-B30D-550949AC79F3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {6D208375-17E5-4C4A-BC94-283E8F9D70B0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
    Task: {7ABA3A5B-C746-4997-8549-044C440EFFA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {847E76D4-2938-4D81-B138-D025C7BB2C78} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] (Dropbox, Inc -> )
    Task: {85859139-617A-4330-8A6E-8F9CFA421F19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc. -> HP Inc.)
    Task: {85C964C2-8F10-4BDB-9329-184D8C31E011} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
    Task: {868FAA82-6A58-42BA-988D-C4E173EC19BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {88A2FFD0-A03E-4D06-8A7F-F6B01139F2F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {8D228364-236A-413D-AC02-BED78D746949} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    Task: {8E7254A3-64F6-4B7D-9BB6-E158F405044C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc -> Google Inc.)
    Task: {91E8CBCE-7500-4702-BF87-08CA82080EF1} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
    Task: {ACD214D7-490A-4EA6-8D86-9DBE53F9F71D} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-12-25] (AVAST Software a.s. -> AVAST Software)
    Task: {AF19E3F7-F989-44C3-900A-289B30F5D91E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B5275FC9-FB04-4DF5-BAEC-B4935CEAA21C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
    Task: {B6D869EC-A274-486F-9455-4157A20C4CE2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CF56029A-8895-4A03-9501-2006E4373F59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
    Task: {DAAFC2BB-0AAC-4214-9586-98FF3515F11B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {E418C63C-5F48-4D79-A07E-7794586B73D7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc. -> HP Inc.)
    Task: {E838EDDC-7BF0-4688-8B27-9177EBFFDDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJake.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch\Scratch Website.lnk -> hxxp://scratch.mit.edu

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=square

    ==================== Loaded Modules (Whitelisted) ==============

    2016-10-28 12:35 - 2014-04-14 22:29 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2016-12-25 08:13 - 2016-12-25 08:14 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
    2018-04-11 20:04 - 2018-04-11 20:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-04-11 20:04 - 2018-04-11 20:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-14 17:28 - 2018-11-08 22:47 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2019-01-19 00:42 - 2019-01-01 03:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-08-07 14:11 - 2018-08-07 14:11 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2018-08-07 14:11 - 2018-08-07 14:11 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2019-01-23 23:15 - 2019-01-23 23:16 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2019-01-23 23:15 - 2019-01-23 23:16 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-08-03 11:17 - 2018-08-03 11:18 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2018-11-29 18:57 - 2018-11-29 18:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-23 23:15 - 2019-01-23 23:16 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2019-01-23 23:15 - 2019-01-23 23:16 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2015-06-25 21:04 - 2015-06-25 21:04 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2015-06-25 21:07 - 2015-06-25 21:07 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-06-25 21:05 - 2015-06-25 21:05 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2015-06-25 21:08 - 2015-06-25 21:08 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-06-25 20:23 - 2015-06-25 20:23 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2015-06-25 20:21 - 2015-06-25 20:21 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2019-01-08 20:06 - 2019-01-08 20:06 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2019-02-07 15:26 - 2019-02-07 15:26 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
    2019-02-07 15:26 - 2019-02-07 15:26 - 000654216 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2016-09-21 12:14 - 2016-09-21 12:14 - 000584488 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
    2016-03-26 23:55 - 2016-03-26 23:55 - 000138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2019-01-19 18:02 - 2019-01-19 18:03 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2019-01-19 18:02 - 2019-01-19 18:03 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2018-08-03 11:29 - 2018-08-03 11:33 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2019-01-19 18:02 - 2019-01-19 18:03 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-11-17 12:18 - 2018-11-17 12:23 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-08-21 17:59 - 2018-08-21 18:00 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
    2018-11-17 12:18 - 2018-11-17 12:23 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-08-21 17:59 - 2018-08-21 18:00 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll
    2018-08-03 11:29 - 2018-08-03 11:33 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2019-01-19 18:02 - 2019-01-19 18:03 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-11-17 12:18 - 2018-11-17 12:23 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2019-01-19 18:02 - 2019-01-19 18:03 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-08-30 19:56 - 2018-08-30 19:57 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-08-03 11:29 - 2018-08-03 11:32 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-12-18 20:57 - 2018-12-12 01:41 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
    2018-12-18 20:56 - 2018-12-12 01:41 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
    2018-10-08 19:25 - 2018-10-08 19:25 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
    2018-09-07 16:52 - 2018-09-07 16:53 - 032745472 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1805.2331.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
    2016-12-25 08:13 - 2016-12-25 08:18 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 03:54 - 2019-01-04 22:43 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts


    2018-12-16 13:36 - 2018-12-16 14:27 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    DNS Servers: 24.222.0.94 - 24.222.0.95
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{B560FE2F-21B6-46CD-AA47-7AFC4BA919B2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [TCP Query User{45A5C16B-B976-41D7-923E-355B31877F18}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [UDP Query User{4FBEA59E-C429-455D-9EE2-1C9D2E69631E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [TCP Query User{4E43AD26-FBFE-40A6-82DB-283390F8D481}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [{1BBD540C-2E22-455C-9C4B-7E1140A4B619}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
    FirewallRules: [{400B0BD6-3722-4DB4-8410-9267A6591B1A}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
    FirewallRules: [{BBEE0259-BEC9-4819-B297-0C1B1D1602A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe No File
    FirewallRules: [{084B65EB-1F3E-4405-A941-E19107099916}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe No File
    FirewallRules: [{41D5A2BF-8F72-4EC0-82AF-CF22B8300DA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{B295BCCB-70B6-43B3-BB56-B34D66774B56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
    FirewallRules: [{63FAD1F1-667D-414C-BB84-1CD653036299}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{57F3618C-FF3F-4960-B354-6329F77397F6}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
    FirewallRules: [{9773208F-3679-45E2-88E3-2851C395B8CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{93D2D973-D4D2-460E-B6CA-4D0B9A703DC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1885E8EF-4F87-41D7-AFFD-94EE0AB5D4B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8B06E836-4C29-4183-B28B-FF49D19742CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F04F6867-2245-46B4-8845-6831CA1193D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{30E3AF2A-65A1-4E00-A927-215391EA867C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{DD00ABC1-0FB4-40E7-B731-C20EE486255B}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
    FirewallRules: [UDP Query User{887C10D2-1D03-4DAD-9959-C0C1437DB365}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
    FirewallRules: [{EAF0950C-64E7-49C2-98AA-EBA9E629452D}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
    FirewallRules: [{E8A0A622-143E-4D31-8B15-333F6FD52079}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
    FirewallRules: [TCP Query User{DB70CE8F-FEF9-4FBB-BDE7-37E383D6835B}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
    FirewallRules: [UDP Query User{3D338E0C-FCBF-4175-8AE9-7EC278C0DE27}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
    FirewallRules: [TCP Query User{BB3CD83F-C823-4C0F-8833-63DAEF0E3612}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
    FirewallRules: [UDP Query User{67EB7201-1958-4BA5-9F7F-4470AB4C474C}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
    FirewallRules: [TCP Query User{6F4091AC-4321-4368-8102-215AF5E1C7B7}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
    FirewallRules: [UDP Query User{FC31C2C4-B1B2-414B-914C-170FCD7A378B}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
    FirewallRules: [TCP Query User{316A00D6-844D-4835-9C1D-10739C8197AE}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
    FirewallRules: [UDP Query User{51CED2FC-1145-4443-BBA8-B9AD99F47BE8}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
    FirewallRules: [TCP Query User{7D7A305B-794A-498D-A209-BA12AA08C8C4}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
    FirewallRules: [UDP Query User{6E6B5417-4BC5-49DF-B854-A601A9FB8DAB}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
    FirewallRules: [TCP Query User{53C12259-6B9C-49E5-B835-D08741F94A34}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
    FirewallRules: [UDP Query User{318A1A19-A014-4995-B287-D31E17C8A152}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
    FirewallRules: [{878AAF98-BEA7-427D-83EC-C27AD4130280}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{60936E6C-529E-45ED-A9D7-E561E8E7CB90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{A6F6CDAD-EC6A-41EC-BDC6-449570F67C2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{F7510907-4928-4DBF-9E3A-7755329ACB09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{B681D270-8320-4966-8E26-6078E80A46D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
    FirewallRules: [{D039E9EC-4FA3-41C8-B2BC-327C1E2E9891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
    FirewallRules: [{47D7F506-C68E-436D-BE1D-45FF9285EB0D}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
    FirewallRules: [{E255F00E-D270-44A4-8810-DF19A86647A3}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
    FirewallRules: [{E8F5B78C-EED6-4D0F-91DA-AB6A84BB82E2}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
    FirewallRules: [{EFDB9C0F-FB27-4FF7-BD5F-19A5D362BD8A}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
    FirewallRules: [{7E35175E-2D77-41A5-9E62-0882BA2C7723}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
    FirewallRules: [{3526840F-3E5E-4963-BF19-E5BD433DE178}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
    FirewallRules: [{C6E12266-1343-43E1-85B7-B056D819FFB7}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
    FirewallRules: [{2E93B21B-5FD5-4956-B48E-9DB3C3A90910}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
    FirewallRules: [{82A7F702-A11F-4ECE-8874-049208FA5DD6}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
    FirewallRules: [{D0C8AC0C-EAF4-4A9F-8F19-E15EE2D48F88}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
    FirewallRules: [{E6CA2FAA-E484-467E-A414-E94A10FE955D}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
    FirewallRules: [{C2BE29C5-589F-481D-A4DB-5E7F1ED71DEF}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
    FirewallRules: [TCP Query User{F94D0AB9-94F3-40D1-A170-654BB3A35310}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
    FirewallRules: [{C9ABD743-664C-4545-A3EF-5076826A3764}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
    FirewallRules: [{62B78029-B63C-4215-BD46-5E7BEE576B3F}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
    FirewallRules: [{B696F37F-E6AB-461B-AE6A-A5DEBDB09B4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{CAAEE0B5-7392-4A29-8F70-E9A8B0C46D3C}C:\users\jake\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jake\appdata\local\gamecenter\gamecenter.exe No File
    FirewallRules: [UDP Query User{560F7B28-BB42-4095-8BFC-D596F72BCA32}C:\users\jake\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jake\appdata\local\gamecenter\gamecenter.exe No File
    FirewallRules: [{06A22BCF-7651-48E3-89D6-BAFB16B55F54}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{8EEE1590-814B-4AA3-B6B2-34885A262A80}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
    FirewallRules: [UDP Query User{AE32B1C9-4242-4351-92E8-FA69BBA92F56}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
    FirewallRules: [{FC81C209-4694-477B-AC5A-12E10EB72634}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
    FirewallRules: [{585C3E60-5B39-4C99-8C79-CCD6012ED50D}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{7BE996EE-1D43-412F-8DAE-60DA2F4B1594}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{6743CD1F-C994-4DAA-945F-9450288AEDAD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

    ==================== Restore Points =========================

    08-01-2019 20:12:40 Windows Update
    19-01-2019 00:34:54 Windows Update
    23-01-2019 21:37:41 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/07/2019 03:35:25 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_fb409dd930672a56.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c.manifest.

    Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7578

    Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7578

    Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6109

    Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6109

    Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/03/2019 06:45:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4656


    System errors:
    =============
    Error: (02/07/2019 03:54:25 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/07/2019 03:45:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/07/2019 03:44:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (02/07/2019 03:36:51 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/07/2019 03:36:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/07/2019 03:34:43 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
    Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

    Error: (02/07/2019 03:34:43 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
    Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

    Error: (02/07/2019 03:33:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.


    Windows Defender:
    ===================================
    Date: 2018-09-14 21:56:44.804
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    CodeIntegrity:
    ===================================

    Date: 2019-02-07 15:36:04.450
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Store signing level requirements.

    Date: 2019-02-07 15:32:45.013
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.976
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.963
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.949
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.934
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.917
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-02-07 15:32:44.834
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics
    Percentage of memory in use: 91%
    Total physical RAM: 3529.01 MB
    Available physical RAM: 293.02 MB
    Total Virtual: 5833.01 MB
    Available Virtual: 1742.27 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:446.28 GB) (Free:343.16 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:18.25 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{96bcdb8c-dbf0-4a95-b839-34ce7c0f7d2a}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
    \\?\Volume{db445438-544b-4b96-b8c7-f0ec6d2687ce}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: D3A0881B)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  2. lurla

    lurla Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
    Ran by Jake (administrator) on LAPTOP-2PTBAV14 (07-02-2019 16:01:57)
    Running from C:\Users\Jake\Downloads
    Loaded Profiles: Jake (Available Profiles: Jake)
    Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    () C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\SDXHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Discord] => C:\Users\Jake\AppData\Local\Discord\app-0.0.298\Discord.exe
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Steam] => "C:\Users\Jake\Downloads\meteor 60 seconds\steam.exe" -silent
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35195280 2019-02-02] (Epic Games Inc. -> Epic Games, Inc.)
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [AvastBrowserAutoLaunch_3A0FF50006DAA5E1AC86787097F1E186] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1829736 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-18] (AVAST Software s.r.o. -> AVAST Software)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
    Tcpip\..\Interfaces\{a10f5569-fa0e-4652-bc5f-661a1838cc41}: [DhcpNameServer] 24.222.0.94 24.222.0.95

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3070637302-2056889590-1829843764-1001 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 6veukyi2.default
    FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default [2019-02-07]
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\sp@avast.com.xpi [2018-10-26]
    FF Extension: (Avast Online Security) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\wrc@avast.com.xpi [2018-08-03]
    FF SearchPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\searchplugins\yahoo! powered search.xml [2017-08-08]
    FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
    FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2018-08-17] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3070637302-2056889590-1829843764-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jake\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-20] (Citrix Online)

    Chrome:
    =======
    CHR NewTab: Default -> Not-active:"chrome-extension://kmomlllimffhhfhfoikjdkcjlebmnjmn/newtab/newtab.html", Not-active:"chrome-extension://cglnkolnaldeeolpbfpgemdanfcgiklp/newtab/newtab.html"
    CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> lp
    CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
    CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default [2019-02-07]
    CHR Extension: (Slides) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-02]
    CHR Extension: (Docs) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-02]
    CHR Extension: (Google Drive) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-02]
    CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
    CHR Extension: (Easy Speed Test V3.2) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp [2018-08-03]
    CHR Extension: ( Colorful Galaxy) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabbbedehhbogefnfdakijemlefkkeh [2018-11-17]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-07]
    CHR Extension: (Sheets) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (Avast Online Security) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-02-07]
    CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-05]
    CHR Extension: (Popup Blocker Pro) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-14]
    CHR Extension: (My Quick Converter Version 3) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn [2017-06-26]
    CHR Extension: (Custom Progress Bar for YouTube™) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkomboflhdlliegkaiepilnfmophgfg [2018-11-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-03]
    CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
    CHR Extension: (Chrome Media Router) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-25]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
    R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [249344 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
    S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [722216 2017-08-09] (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
    R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [168704 2018-10-17] (VoiceFive, Inc. -> VoiceFive, Inc.) <==== ATTENTION
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-25] (AVAST Software a.s. -> )
    R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Corporation -> Stardock Software, Inc)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
    R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [23983104 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674816 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249456 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-11] (Intel Corporation - Client Components Group -> Intel Corporation)
    S0 nvraid; C:\WINDOWS\System32\drivers\nvraid.sys [150424 2018-04-11] (Microsoft Windows -> NVIDIA Corporation)
    S0 nvstor; C:\WINDOWS\System32\drivers\nvstor.sys [166304 2018-04-11] (Microsoft Windows -> NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
    R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
    S0 SiSRaid2; C:\WINDOWS\System32\drivers\SiSRaid2.sys [44952 2018-04-11] (Microsoft Windows -> Silicon Integrated Systems Corp.)
    S0 SiSRaid4; C:\WINDOWS\System32\drivers\sisraid4.sys [81816 2018-04-11] (Microsoft Windows -> Silicon Integrated Systems)
    R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-07 16:01 - 2019-02-07 16:05 - 000030204 _____ C:\Users\Jake\Downloads\FRST.txt
    2019-02-07 16:00 - 2019-02-07 16:00 - 002433536 _____ (Farbar) C:\Users\Jake\Downloads\FRST64.exe
    2019-02-07 15:27 - 2019-02-07 15:26 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2019-01-24 21:15 - 2018-09-20 00:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-01-23 23:42 - 2019-02-07 15:26 - 000225680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2019-01-23 21:55 - 2019-01-23 21:55 - 000000000 ___HD C:\OneDriveTemp
    2019-01-19 00:44 - 2019-01-01 03:42 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-01-19 00:44 - 2019-01-01 03:25 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-01-19 00:44 - 2019-01-01 03:20 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-19 00:44 - 2019-01-01 03:07 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-01-19 00:43 - 2019-01-01 10:16 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-19 00:43 - 2019-01-01 09:50 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-19 00:43 - 2019-01-01 03:44 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-01-19 00:43 - 2019-01-01 03:43 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-19 00:43 - 2019-01-01 03:42 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-19 00:43 - 2019-01-01 03:42 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-19 00:43 - 2019-01-01 03:42 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-19 00:43 - 2019-01-01 03:20 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-01-19 00:43 - 2019-01-01 03:15 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-01-19 00:43 - 2019-01-01 03:15 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-01-19 00:43 - 2019-01-01 03:12 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-01-19 00:43 - 2019-01-01 03:07 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-19 00:43 - 2019-01-01 03:07 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-19 00:43 - 2019-01-01 02:59 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-01-19 00:43 - 2019-01-01 02:52 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-19 00:43 - 2019-01-01 02:46 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-01-19 00:43 - 2019-01-01 02:44 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-01-19 00:42 - 2019-01-01 10:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-01-19 00:42 - 2019-01-01 10:17 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
    2019-01-19 00:42 - 2019-01-01 10:15 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2019-01-19 00:42 - 2019-01-01 10:15 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
    2019-01-19 00:42 - 2019-01-01 10:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-01-19 00:42 - 2019-01-01 09:50 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
    2019-01-19 00:42 - 2019-01-01 09:48 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2019-01-19 00:42 - 2019-01-01 09:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-07 16:05 - 2018-04-11 20:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-02-07 16:01 - 2018-08-15 17:19 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
    2019-02-07 16:01 - 2017-02-09 00:04 - 000000000 ____D C:\FRST
    2019-02-07 15:53 - 2018-08-05 09:07 - 000000000 ____D C:\Users\Jake\AppData\Local\AVAST Software
    2019-02-07 15:43 - 2018-12-17 15:32 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJake
    2019-02-07 15:43 - 2018-12-17 15:32 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJake.job
    2019-02-07 15:37 - 2016-12-25 08:15 - 000000000 ___RD C:\Users\Jake\OneDrive
    2019-02-07 15:34 - 2018-08-07 16:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-02-07 15:33 - 2018-04-11 17:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-02-07 15:33 - 2017-08-04 00:39 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2019-02-07 15:29 - 2018-08-07 16:24 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-02-07 15:27 - 2018-11-09 19:42 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2019-02-07 15:27 - 2018-08-07 16:24 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B590357-4583-438D-856B-F467EF773583}
    2019-02-07 15:27 - 2018-08-07 14:31 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2019-02-07 15:27 - 2018-08-07 14:31 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-02-07 15:27 - 2018-08-07 14:31 - 000216784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2019-02-07 15:27 - 2018-08-07 14:31 - 000167304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-02-07 15:27 - 2018-08-07 14:31 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2019-02-07 15:27 - 2018-08-07 14:31 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2019-02-07 15:27 - 2018-04-11 20:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-02-07 15:27 - 2017-01-10 18:57 - 000249456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2019-02-07 15:26 - 2018-08-07 14:31 - 001034432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-02-07 15:26 - 2018-08-07 14:31 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2019-02-07 15:20 - 2018-08-07 17:44 - 000000000 ____D C:\Users\Jake\AppData\Local\D3DSCache
    2019-02-07 15:07 - 2018-08-07 15:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-02-03 14:45 - 2018-08-16 15:42 - 000001254 _____ C:\Users\Jake\Desktop\Roblox Studio.lnk
    2019-02-03 14:45 - 2016-12-25 09:37 - 000001439 _____ C:\Users\Jake\Desktop\Roblox Player.lnk
    2019-02-03 14:45 - 2016-12-25 09:36 - 000000000 ____D C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2019-01-27 17:39 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-01-27 17:39 - 2016-04-15 15:44 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2019-01-27 17:39 - 2016-04-15 15:44 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2019-01-27 15:41 - 2018-04-11 20:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003136 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2019-01-26 19:24 - 2018-08-07 16:24 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-01-26 19:24 - 2018-08-07 16:24 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3070637302-2056889590-1829843764-1001
    2019-01-26 19:24 - 2018-08-07 16:24 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
    2019-01-26 19:24 - 2018-08-07 16:24 - 000002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
    2019-01-26 19:24 - 2018-08-07 16:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-01-26 18:09 - 2018-04-11 20:00 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-23 23:26 - 2018-08-04 08:37 - 000000000 ____D C:\Users\Jake\AppData\Local\CrashDumps
    2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\TextInput
    2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-01-23 21:54 - 2018-08-07 15:53 - 000002371 _____ C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-01-23 21:45 - 2018-08-02 21:14 - 000000000 ____D C:\Program Files\rempl
    2019-01-19 17:32 - 2017-06-01 10:14 - 000000000 ____D C:\Users\Jake\AppData\Local\ElevatedDiagnostics
    2019-01-19 02:01 - 2018-08-06 08:51 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2019-01-19 02:01 - 2018-08-06 08:51 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
    2019-01-19 00:21 - 2016-04-15 15:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-01-10 12:41 - 2016-12-26 05:34 - 000000000 ____D C:\Users\Jake\AppData\Local\ConnectedDevicesPlatform
    2019-01-10 12:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-01-10 12:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-01-08 20:30 - 2016-12-25 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-08 20:19 - 2016-12-25 20:58 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-08 20:06 - 2018-08-03 15:24 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys

    ==================== Files in the root of some directories =======

    2018-08-12 09:29 - 2018-11-01 16:58 - 000000137 _____ () C:\Users\Jake\AppData\Roaming\WB.CFG
    2018-08-10 21:18 - 2018-08-10 21:18 - 000000000 _____ () C:\Users\Jake\AppData\Local\{41EE71FF-EFB5-49DF-9D56-CFE2A2E0B1C8}
    2018-09-24 14:29 - 2018-09-24 14:29 - 000000153 _____ () C:\Users\Jake\AppData\Local\{49954250-F5D9-4A1A-B981-7E3A25B48E7E}
    2018-09-26 15:31 - 2018-09-26 15:31 - 000000153 _____ () C:\Users\Jake\AppData\Local\{63A19B7C-4F55-45DE-8BA8-210E4C525227}
    2018-09-30 11:08 - 2018-09-30 11:08 - 000000153 _____ () C:\Users\Jake\AppData\Local\{78AC3382-522F-495E-9223-C8F97CDA9FD8}
    2018-11-07 16:33 - 2018-11-07 16:33 - 000000153 _____ () C:\Users\Jake\AppData\Local\{94176826-0879-4352-8756-29C89D1AAFE1}
    2018-09-23 09:15 - 2018-09-23 09:15 - 000000153 _____ () C:\Users\Jake\AppData\Local\{E0423D9D-F355-41D9-8DCD-6C3D43472C4B}

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-08-07 15:47

    ==================== End of FRST.txt ============================
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Uninstall the following unwanted program:

    PremierOpinion

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  4. lurla

    lurla Established Techie7 Member

    Sorry for the delay!! It took so long for the computer to turn on and download the programs that I walked away and forgot to check on it until my son asked again. Currently scanning. Will return shortly with the reports.
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  6. lurla

    lurla Established Techie7 Member

    After about 6 hrs of RogueKiller scanning, the computer went into sleep mode and I couldn't get it to open up... shut the whole thing down, and all that was left was a scanning log. :confused: Rescanning o_O
     
  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  8. lurla

    lurla Established Techie7 Member

    OK, took me 4 tries of computers locking up and having to restart, but I have scan 1 completed. Doing Malwarebytes now.

    RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Jake [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190204_072850, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/02/17 15:12:24 (Duration : 09:59:59)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmservice.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmservice.exe -> ERROR [0]
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn.exe ->
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn32.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn32.exe ->
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn64.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn64.exe ->
    [PUP.Gen0 (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion\pmservice.exe \service -> Stopped
    [PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\ByteFence -- -> Deleted
    [PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\ByteFence -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\csastats -- -> Deleted
    [PUP.WeatherBuddy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ELLS LLC -- -> Deleted
    [Adw.ImpaqSpeed (Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Melasys LLC -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ProductSetup -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\csastats -- -> Deleted
    [PUP.WeatherBuddy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ELLS LLC -- -> Deleted
    [Adw.ImpaqSpeed (Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Melasys LLC -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ProductSetup -- -> Deleted
    [PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\ByteFence -- -> Deleted
    [PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\ByteFence -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} -- -> Deleted
    [PUP.Gen0 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PremierOpinion -- [%programfiles(x86)%\PremierOpinion\pmservice.exe \service] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{DB70CE8F-FEF9-4FBB-BDE7-37E383D6835B}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{67EB7201-1958-4BA5-9F7F-4470AB4C474C}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BB3CD83F-C823-4C0F-8833-63DAEF0E3612}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{3D338E0C-FCBF-4175-8AE9-7EC278C0DE27}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FC31C2C4-B1B2-414B-914C-170FCD7A378B}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6F4091AC-4321-4368-8102-215AF5E1C7B7}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{7D7A305B-794A-498D-A209-BA12AA08C8C4}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6E6B5417-4BC5-49DF-B854-A601A9FB8DAB}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CAAEE0B5-7392-4A29-8F70-E9A8B0C46D3C}C:\users\jake\appdata\local\gamecenter\gamecenter.exe -- [%localappdata%\gamecenter\gamecenter.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{560F7B28-BB42-4095-8BFC-D596F72BCA32}C:\users\jake\appdata\local\gamecenter\gamecenter.exe -- [%localappdata%\gamecenter\gamecenter.exe] -> Deleted
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AE32B1C9-4242-4351-92E8-FA69BBA92F56}C:\program files (x86)\premieropinion\pmropn.exe -- [%programfiles(x86)%\premieropinion\pmropn.exe] -> Deleted
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8EEE1590-814B-4AA3-B6B2-34885A262A80}C:\program files (x86)\premieropinion\pmropn.exe -- [%programfiles(x86)%\premieropinion\pmropn.exe] -> Deleted
    [PUP.Gen1|PUP.ByteFence (Potentially Malicious)] ByteFence -- %programdata%\ByteFence -> Deleted
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programdata%\Microsoft\Windows\Start Menu\Programs\PremierOpinion -> Deleted
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion -> Removed at reboot [91]
    [PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion -> Removed at reboot [91]
    [PUP.AutoIt.Gen (Potentially Malicious)] AutoClicker.exe -- %USERPROFILE%\Downloads\AutoClicker.exe -> Deleted
     
  9. lurla

    lurla Established Techie7 Member

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/17/19
    Scan Time: 3:21 PM
    Log File: fce987a8-32e4-11e9-9e0a-c8d3fff0e337.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.538
    Update Package Version: 1.0.9308
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.523)
    CPU: x64
    File System: NTFS
    User: LAPTOP-2PTBAV14\Jake

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 290721
    Threats Detected: 160
    Threats Quarantined: 159
    Time Elapsed: 11 min, 22 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308

    Module: 47
    PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308
    Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308

    Registry Key: 6
    PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
    PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
    PUP.Optional.SearchManager, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [2048], [183362],1.0.9308
    PUP.Optional.WinYahoo, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308

    Registry Value: 6
    PUP.Optional.SearchManager, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [237], [247049],1.0.9308
    PUP.Optional.OpinionSquare, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}, Quarantined, [3196], [241422],1.0.9308
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [237], [247049],1.0.9308
    PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cglnkolnaldeeolpbfpgemdanfcgiklp, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|kmomlllimffhhfhfoikjdkcjlebmnjmn, Quarantined, [219], [495178],1.0.9308

    Registry Data: 2
    PUP.Optional.WinYahoo, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [237], [292990],1.0.9308
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [237], [293458],1.0.9308

    Data Stream: 0
    (No malicious items detected)

    Folder: 25
    PUP.Optional.PremierOpinion, C:\PROGRAM FILES (X86)\PREMIEROPINION, Removal Failed, [2216], [178970],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales\en, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_metadata, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\popup, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\newtab, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGLNKOLNALDEEOLPBFPGEMDANFCGIKLP, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales\en, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\popup, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\newtab, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KMOMLLLIMFFHHFHFOIKJDKCJLEBMNJMN, Quarantined, [219], [495178],1.0.9308

    File: 73
    PUP.Optional.Booking, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BOOKING.COM.LNK, Quarantined, [862], [347183],1.0.9308
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence, Quarantined, [5941], [391769],1.0.9308
    PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308
    PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, Quarantined, [2216], [178970],1.0.9308
    PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, Quarantined, [2216], [178970],1.0.9308
    PUP.Optional.PremierOpinion, C:\PROGRAMDATA\RogueKiller\quarantine\569120E0C3639CD7.vir\PremierOpinion.lnk, Quarantined, [2216], [178970],1.0.9308
    PUP.Optional.SearchManager, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2048], [183362],1.0.9308
    PUP.Optional.WinYahoo, C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6VEUKYI2.DEFAULT\SEARCHPLUGINS\YAHOO! POWERED SEARCH.XML, Quarantined, [237], [302288],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\000003.log, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\CURRENT, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOCK, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOG, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOG.old, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\MANIFEST-000001, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGLNKOLNALDEEOLPBFPGEMDANFCGIKLP\3.8_0\CHROMERESTORE.JS, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css\description.css, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css\popup.css, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup\description.html, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup\popup.html, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\popup\popup.js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\userNewTab.js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\newtab\quicktab.html, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales\en\messages.json, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_metadata\verified_contents.json, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\after.js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\background.js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\contentscript.js, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\icon.png, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\manifest.json, Quarantined, [219], [454579],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\000003.log, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\CURRENT, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOCK, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOG, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOG.old, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\MANIFEST-000001, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KMOMLLLIMFFHHFHFOIKJDKCJLEBMNJMN\3.3_0\BACKGROUND.JS, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css\description.css, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css\popup.css, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup\description.html, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup\popup.html, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\popup\popup.js, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\userNewTab.js, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\newtab\newtab.html, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales\en\messages.json, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata\computed_hashes.json, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata\verified_contents.json, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\contentscript.js, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\icon.png, Quarantined, [219], [495178],1.0.9308
    PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\manifest.json, Quarantined, [219], [495178],1.0.9308
    Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRA~2\PREMIE~1\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRA~2\PREMIE~1\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\COMPONENTS\PMXG.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMPH.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\FIREFOX\PMNX.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMXF.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMSERVICE.EXE, Quarantined, [10315], [299817],1.0.9308
    Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN.EXE, Quarantined, [10315], [299817],1.0.9308
    Generic.Malware/Suspicious, C:\USERS\JAKE\APPDATA\ROAMING\JJSPLOIT\__INSTALLER.EXE, Quarantined, [0], [392686],1.0.9308
    PUP.Optional.SearchManager.BITSRST, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [265], [626729],1.0.9308
    PUP.Optional.SearchManager.BITSRST, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [265], [626729],1.0.9308

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  10. lurla

    lurla Established Techie7 Member

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-15.6 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-17-2019
    # Duration: 00:00:12
    # OS: Windows 10 Home
    # Cleaned: 5
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Program Files (x86)\PremierOpinion

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
    Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
    Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F94D0AB9-94F3-40D1-A170-654BB3A35310}C:\program files (x86)\premieropinion\pmropn.exe

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1848 octets] - [17/02/2019 15:56:19]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.