[Active] Premier Opinion (and very slow laptop)

My 10 yr old's laptop is almost constantly at 100% disk and cpu 90+. It's a few yrs old but still works ok for what he wants it for. I know he has tried to download games that haven't worked (maybe due to his computer) such as Roblox (that used to work) and Fortnite (which i told him was likely too much for his computer). I tried having a look but all I can see is this Premier Opinion that is running and google says is malware. I'm hoping for some help to get this thing working a little better. Bad enough that its really loud! lol I did a scan with Avast and nothing showed up except the one i mentioned and it obviously didnt remove it because its still showing as running.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by Jake (07-02-2019 16:07:21)
Running from C:\Users\Jake\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-08-07 19:56:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3070637302-2056889590-1829843764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3070637302-2056889590-1829843764-503 - Limited - Disabled)
Guest (S-1-5-21-3070637302-2056889590-1829843764-501 - Limited - Disabled)
Jake (S-1-5-21-3070637302-2056889590-1829843764-1001 - Administrator - Enabled) => C:\Users\Jake
WDAGUtilityAccount (S-1-5-21-3070637302-2056889590-1829843764-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-85f384e8-faeb-48a8-8854-75aedf21aa14) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 71.0.1037.98 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-1942fc4d-ce20-43af-a5e6-cf8edaa4de45) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-919ca29c-b54b-4971-b163-0a772bfe5def) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-1dc5aaa3-3497-4400-9006-2f23b8d83c0c) (Version: 3.0.2.48 - WildTangent) Hidden
calibre (HKLM-x32\...\{B67713B4-83B9-496D-8B26-EBC27F10D562}) (Version: 2.85.1 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-08509b4b-cbbb-44ff-a99e-40dd918f7d54) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-3ff72a1c-2bce-41ef-b467-ae6da88e037b) (Version: 3.0.2.59 - WildTangent) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hard Time (HKLM-x32\...\Hard Time) (Version: - MDickie)
Home Makeover (HKLM-x32\...\WTA-a20ca41a-19dd-4e0a-bd40-1dcc67d332bb) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-d99a62d4-31c5-4bc7-b4e1-311ea7698a55) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.7.50.3 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.10.49.21 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-44f5d1ee-4fad-4c53-ab0e-efdeee12f04a) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-c4332c52-ebce-4876-853c-826dcb7e8bf6) (Version: 3.0.2.59 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-0580b873-0ccd-4ce5-8ade-5e1782e82aa9) (Version: 3.0.2.118 - WildTangent) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-ffaa1a54-6dd1-4d1f-8b4e-3f73442078f4) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-9541e647-4f4e-4e38-a62a-d04e8233bc96) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-692a9377-cc58-45c8-b8ef-b7e1d3ace27c) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-f4535862-815d-42bf-b8d8-b93e19c197f6) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-80b0a5b1-d118-4915-a869-0d0b075d85e4) (Version: 3.0.2.59 - WildTangent) Hidden
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.419 - VoiceFive, Inc.) <==== ATTENTION
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-9ab39b41-6a78-4ecd-b3db-19de39be9599) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-0fc9fbb6-a5cc-482a-b202-6adc019d9201) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-1c934972-1aaa-45f7-a8a6-331440f7073a) (Version: 3.0.2.126 - WildTangent) Hidden
Roblox Player for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-studio) (Version: - Roblox Corporation)
Runefall (HKLM-x32\...\WTA-9f87d66e-86b4-4d40-935a-c36c2a9ee1a7) (Version: 3.0.2.126 - WildTangent) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Scratch 2 Offline Editor (HKLM-x32\...\{6E988774-5309-E02E-7EA8-F19CB65C2063}) (Version: 255 - Massachusetts Institute of Technology) Hidden
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 461 - Massachusetts Institute of Technology)
Stardock Start10 (HKLM\...\Start10_is1) (Version: 1.0 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2016 (HKLM-x32\...\{77DBD10C-44F6-421F-826A-202CEB287790}) (Version: 12.0.5.1 - BHOK IT Consulting)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Tasty Blue (HKLM-x32\...\WTA-55787782-2e68-4306-9b6c-d44b00b8ac40) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-adc10ec0-891e-4b6e-b4db-46ee6d5f6b08) (Version: 3.0.2.59 - WildTangent) Hidden
The Fastest Mouse Clicker for Windows version 1.9.8.2 (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\The Fastest Mouse Clicker for Windows_is1) (Version: 1.9.8.2 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
WebM Project Directshow Filters (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {052CC1EE-CDEC-4E9C-A090-0CD183036D91} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {06A4BFAE-A170-4C05-A189-8DBD19FBA346} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2019-01-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {0AAC2CE2-EBBD-42F7-AEA2-4317984593B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {14DE5A68-79C8-482F-A85E-C337066257E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {30781664-400F-4B04-8C46-663306F4E500} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-12-25] (AVAST Software a.s. -> AVAST Software)
Task: {38415E3D-0481-4FCF-B95D-3713BDA7014D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4B27BAF1-6507-4940-9771-0E77FA89B5B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {51F9C584-CA0F-4891-9F61-14CDB24A3ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc. -> HP Inc.)
Task: {54CDD5CA-3226-4AD6-A422-A44817E6398F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc. -> HP Inc.)
Task: {5526E72D-58A0-4A05-BDDE-AD290CE2E84A} - System32\Tasks\HPCeeScheduleForJake => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {5548B3C6-1027-42D9-B6A8-DB97DC9BEB15} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EBA1901-0999-4606-B343-460CFB1DA384} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65079A16-07B5-4EF3-97AF-FB8697E2BE1E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6BFB9FDE-89A5-4EA2-B30D-550949AC79F3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D208375-17E5-4C4A-BC94-283E8F9D70B0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {7ABA3A5B-C746-4997-8549-044C440EFFA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {847E76D4-2938-4D81-B138-D025C7BB2C78} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] (Dropbox, Inc -> )
Task: {85859139-617A-4330-8A6E-8F9CFA421F19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc. -> HP Inc.)
Task: {85C964C2-8F10-4BDB-9329-184D8C31E011} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {868FAA82-6A58-42BA-988D-C4E173EC19BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {88A2FFD0-A03E-4D06-8A7F-F6B01139F2F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8D228364-236A-413D-AC02-BED78D746949} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
Task: {8E7254A3-64F6-4B7D-9BB6-E158F405044C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc -> Google Inc.)
Task: {91E8CBCE-7500-4702-BF87-08CA82080EF1} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {ACD214D7-490A-4EA6-8D86-9DBE53F9F71D} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-12-25] (AVAST Software a.s. -> AVAST Software)
Task: {AF19E3F7-F989-44C3-900A-289B30F5D91E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5275FC9-FB04-4DF5-BAEC-B4935CEAA21C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {B6D869EC-A274-486F-9455-4157A20C4CE2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF56029A-8895-4A03-9501-2006E4373F59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc. -> HP Inc.)
Task: {DAAFC2BB-0AAC-4214-9586-98FF3515F11B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E418C63C-5F48-4D79-A07E-7794586B73D7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc. -> HP Inc.)
Task: {E838EDDC-7BF0-4688-8B27-9177EBFFDDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJake.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch\Scratch Website.lnk -> hxxp://scratch.mit.edu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=square

==================== Loaded Modules (Whitelisted) ==============

2016-10-28 12:35 - 2014-04-14 22:29 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-25 08:13 - 2016-12-25 08:14 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2018-04-11 20:04 - 2018-04-11 20:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:04 - 2018-04-11 20:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 17:28 - 2018-11-08 22:47 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-07 14:11 - 2018-08-07 14:11 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-08-07 14:11 - 2018-08-07 14:11 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2019-01-23 23:15 - 2019-01-23 23:16 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-23 23:15 - 2019-01-23 23:16 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-03 11:17 - 2018-08-03 11:18 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 18:57 - 2018-11-29 18:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-23 23:15 - 2019-01-23 23:16 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-23 23:15 - 2019-01-23 23:16 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2015-06-25 21:04 - 2015-06-25 21:04 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 21:07 - 2015-06-25 21:07 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 21:05 - 2015-06-25 21:05 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 21:08 - 2015-06-25 21:08 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 20:23 - 2015-06-25 20:23 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 20:21 - 2015-06-25 20:21 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 20:06 - 2019-01-08 20:06 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-02-07 15:26 - 2019-02-07 15:26 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
2019-02-07 15:26 - 2019-02-07 15:26 - 000654216 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-09-21 12:14 - 2016-09-21 12:14 - 000584488 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-03-26 23:55 - 2016-03-26 23:55 - 000138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2019-01-19 18:02 - 2019-01-19 18:03 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-19 18:02 - 2019-01-19 18:03 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-08-03 11:29 - 2018-08-03 11:33 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-19 18:02 - 2019-01-19 18:03 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-17 12:18 - 2018-11-17 12:23 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-08-21 17:59 - 2018-08-21 18:00 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-11-17 12:18 - 2018-11-17 12:23 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 17:59 - 2018-08-21 18:00 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-03 11:29 - 2018-08-03 11:33 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2019-01-19 18:02 - 2019-01-19 18:03 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-17 12:18 - 2018-11-17 12:23 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2019-01-19 18:02 - 2019-01-19 18:03 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 19:56 - 2018-08-30 19:57 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-08-03 11:29 - 2018-08-03 11:32 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-18 20:57 - 2018-12-12 01:41 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 20:56 - 2018-12-12 01:41 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-10-08 19:25 - 2018-10-08 19:25 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-09-07 16:52 - 2018-09-07 16:53 - 032745472 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1805.2331.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
2016-12-25 08:13 - 2016-12-25 08:18 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:54 - 2019-01-04 22:43 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts


2018-12-16 13:36 - 2018-12-16 14:27 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B560FE2F-21B6-46CD-AA47-7AFC4BA919B2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{45A5C16B-B976-41D7-923E-355B31877F18}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4FBEA59E-C429-455D-9EE2-1C9D2E69631E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{4E43AD26-FBFE-40A6-82DB-283390F8D481}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{1BBD540C-2E22-455C-9C4B-7E1140A4B619}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{400B0BD6-3722-4DB4-8410-9267A6591B1A}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BBEE0259-BEC9-4819-B297-0C1B1D1602A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe No File
FirewallRules: [{084B65EB-1F3E-4405-A941-E19107099916}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe No File
FirewallRules: [{41D5A2BF-8F72-4EC0-82AF-CF22B8300DA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B295BCCB-70B6-43B3-BB56-B34D66774B56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{63FAD1F1-667D-414C-BB84-1CD653036299}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{57F3618C-FF3F-4960-B354-6329F77397F6}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{9773208F-3679-45E2-88E3-2851C395B8CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93D2D973-D4D2-460E-B6CA-4D0B9A703DC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1885E8EF-4F87-41D7-AFFD-94EE0AB5D4B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B06E836-4C29-4183-B28B-FF49D19742CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F04F6867-2245-46B4-8845-6831CA1193D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{30E3AF2A-65A1-4E00-A927-215391EA867C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DD00ABC1-0FB4-40E7-B731-C20EE486255B}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [UDP Query User{887C10D2-1D03-4DAD-9959-C0C1437DB365}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [{EAF0950C-64E7-49C2-98AA-EBA9E629452D}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [{E8A0A622-143E-4D31-8B15-333F6FD52079}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [TCP Query User{DB70CE8F-FEF9-4FBB-BDE7-37E383D6835B}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
FirewallRules: [UDP Query User{3D338E0C-FCBF-4175-8AE9-7EC278C0DE27}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
FirewallRules: [TCP Query User{BB3CD83F-C823-4C0F-8833-63DAEF0E3612}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
FirewallRules: [UDP Query User{67EB7201-1958-4BA5-9F7F-4470AB4C474C}C:\users\jake\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\jake\appdata\local\mycomgames\mycomgames.exe No File
FirewallRules: [TCP Query User{6F4091AC-4321-4368-8102-215AF5E1C7B7}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
FirewallRules: [UDP Query User{FC31C2C4-B1B2-414B-914C-170FCD7A378B}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
FirewallRules: [TCP Query User{316A00D6-844D-4835-9C1D-10739C8197AE}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{51CED2FC-1145-4443-BBA8-B9AD99F47BE8}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [TCP Query User{7D7A305B-794A-498D-A209-BA12AA08C8C4}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
FirewallRules: [UDP Query User{6E6B5417-4BC5-49DF-B854-A601A9FB8DAB}C:\users\jake\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\jake\appdata\local\warthunder\launcher.exe No File
FirewallRules: [TCP Query User{53C12259-6B9C-49E5-B835-D08741F94A34}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{318A1A19-A014-4995-B287-D31E17C8A152}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [{878AAF98-BEA7-427D-83EC-C27AD4130280}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{60936E6C-529E-45ED-A9D7-E561E8E7CB90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A6F6CDAD-EC6A-41EC-BDC6-449570F67C2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F7510907-4928-4DBF-9E3A-7755329ACB09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B681D270-8320-4966-8E26-6078E80A46D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
FirewallRules: [{D039E9EC-4FA3-41C8-B2BC-327C1E2E9891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
FirewallRules: [{47D7F506-C68E-436D-BE1D-45FF9285EB0D}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{E255F00E-D270-44A4-8810-DF19A86647A3}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E8F5B78C-EED6-4D0F-91DA-AB6A84BB82E2}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{EFDB9C0F-FB27-4FF7-BD5F-19A5D362BD8A}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{7E35175E-2D77-41A5-9E62-0882BA2C7723}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{3526840F-3E5E-4963-BF19-E5BD433DE178}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C6E12266-1343-43E1-85B7-B056D819FFB7}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{2E93B21B-5FD5-4956-B48E-9DB3C3A90910}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{82A7F702-A11F-4ECE-8874-049208FA5DD6}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{D0C8AC0C-EAF4-4A9F-8F19-E15EE2D48F88}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E6CA2FAA-E484-467E-A414-E94A10FE955D}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C2BE29C5-589F-481D-A4DB-5E7F1ED71DEF}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [TCP Query User{F94D0AB9-94F3-40D1-A170-654BB3A35310}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
FirewallRules: [{C9ABD743-664C-4545-A3EF-5076826A3764}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
FirewallRules: [{62B78029-B63C-4215-BD46-5E7BEE576B3F}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
FirewallRules: [{B696F37F-E6AB-461B-AE6A-A5DEBDB09B4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CAAEE0B5-7392-4A29-8F70-E9A8B0C46D3C}C:\users\jake\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jake\appdata\local\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{560F7B28-BB42-4095-8BFC-D596F72BCA32}C:\users\jake\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jake\appdata\local\gamecenter\gamecenter.exe No File
FirewallRules: [{06A22BCF-7651-48E3-89D6-BAFB16B55F54}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{8EEE1590-814B-4AA3-B6B2-34885A262A80}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
FirewallRules: [UDP Query User{AE32B1C9-4242-4351-92E8-FA69BBA92F56}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
FirewallRules: [{FC81C209-4694-477B-AC5A-12E10EB72634}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{585C3E60-5B39-4C99-8C79-CCD6012ED50D}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{7BE996EE-1D43-412F-8DAE-60DA2F4B1594}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{6743CD1F-C994-4DAA-945F-9450288AEDAD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

08-01-2019 20:12:40 Windows Update
19-01-2019 00:34:54 Windows Update
23-01-2019 21:37:41 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2019 03:35:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_fb409dd930672a56.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c.manifest.

Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7578

Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7578

Error: (02/03/2019 06:45:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6109

Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6109

Error: (02/03/2019 06:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2019 06:45:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4656


System errors:
=============
Error: (02/07/2019 03:54:25 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2019 03:45:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2019 03:44:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2019 03:36:51 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2019 03:36:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2019 03:34:43 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (02/07/2019 03:34:43 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (02/07/2019 03:33:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.


Windows Defender:
===================================
Date: 2018-09-14 21:56:44.804
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

CodeIntegrity:
===================================

Date: 2019-02-07 15:36:04.450
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Store signing level requirements.

Date: 2019-02-07 15:32:45.013
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.976
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.963
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.949
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.934
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.917
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-07 15:32:44.834
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 91%
Total physical RAM: 3529.01 MB
Available physical RAM: 293.02 MB
Total Virtual: 5833.01 MB
Available Virtual: 1742.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.28 GB) (Free:343.16 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.25 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{96bcdb8c-dbf0-4a95-b839-34ce7c0f7d2a}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
\\?\Volume{db445438-544b-4b96-b8c7-f0ec6d2687ce}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D3A0881B)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by Jake (administrator) on LAPTOP-2PTBAV14 (07-02-2019 16:01:57)
Running from C:\Users\Jake\Downloads
Loaded Profiles: Jake (Available Profiles: Jake)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\SDXHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Discord] => C:\Users\Jake\AppData\Local\Discord\app-0.0.298\Discord.exe
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Steam] => "C:\Users\Jake\Downloads\meteor 60 seconds\steam.exe" -silent
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35195280 2019-02-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [AvastBrowserAutoLaunch_3A0FF50006DAA5E1AC86787097F1E186] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1829736 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-18] (AVAST Software s.r.o. -> AVAST Software)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{a10f5569-fa0e-4652-bc5f-661a1838cc41}: [DhcpNameServer] 24.222.0.94 24.222.0.95

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DtA0F0F0FtD0EtAtAyBtC0C0AzztN0D0Tzu0StBtDyEyCtN1L2XzutAtFtBzytFtAtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0FyD0D0AtCyCtGyEtAyC0AtGyD0Ezy0FtGyCyDzytDtGtDtCzytByCtCtAyB0DtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtBtB0A0F0FtCtGyDzztCtAtGyE0DtAzytGzz0A0FyEtG0D0E0CtBtCtC0D0DtB0F0C0B2QtN0A0LzutB%26cr%3D1854179797%26a%3Dwny_btrnt_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3070637302-2056889590-1829843764-1001 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6veukyi2.default
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default [2019-02-07]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\sp@avast.com.xpi [2018-10-26]
FF Extension: (Avast Online Security) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\wrc@avast.com.xpi [2018-08-03]
FF SearchPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\searchplugins\yahoo! powered search.xml [2017-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2018-08-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3070637302-2056889590-1829843764-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jake\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-20] (Citrix Online)

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://kmomlllimffhhfhfoikjdkcjlebmnjmn/newtab/newtab.html", Not-active:"chrome-extension://cglnkolnaldeeolpbfpgemdanfcgiklp/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default [2019-02-07]
CHR Extension: (Slides) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-02]
CHR Extension: (Docs) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-02]
CHR Extension: (Google Drive) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-02]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Easy Speed Test V3.2) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp [2018-08-03]
CHR Extension: ( Colorful Galaxy) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabbbedehhbogefnfdakijemlefkkeh [2018-11-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-07]
CHR Extension: (Sheets) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-02-07]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-05]
CHR Extension: (Popup Blocker Pro) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-14]
CHR Extension: (My Quick Converter Version 3) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn [2017-06-26]
CHR Extension: (Custom Progress Bar for YouTube™) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkomboflhdlliegkaiepilnfmophgfg [2018-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-03]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-25]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [249344 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [722216 2017-08-09] (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [168704 2018-10-17] (VoiceFive, Inc. -> VoiceFive, Inc.) <==== ATTENTION
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-25] (AVAST Software a.s. -> )
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Corporation -> Stardock Software, Inc)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [23983104 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674816 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249456 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-11] (Intel Corporation - Client Components Group -> Intel Corporation)
S0 nvraid; C:\WINDOWS\System32\drivers\nvraid.sys [150424 2018-04-11] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\WINDOWS\System32\drivers\nvstor.sys [166304 2018-04-11] (Microsoft Windows -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S0 SiSRaid2; C:\WINDOWS\System32\drivers\SiSRaid2.sys [44952 2018-04-11] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\WINDOWS\System32\drivers\sisraid4.sys [81816 2018-04-11] (Microsoft Windows -> Silicon Integrated Systems)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 16:01 - 2019-02-07 16:05 - 000030204 _____ C:\Users\Jake\Downloads\FRST.txt
2019-02-07 16:00 - 2019-02-07 16:00 - 002433536 _____ (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2019-02-07 15:27 - 2019-02-07 15:26 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-24 21:15 - 2018-09-20 00:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-23 23:42 - 2019-02-07 15:26 - 000225680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-23 21:55 - 2019-01-23 21:55 - 000000000 ___HD C:\OneDriveTemp
2019-01-19 00:44 - 2019-01-01 03:42 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-19 00:44 - 2019-01-01 03:25 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-19 00:44 - 2019-01-01 03:20 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-19 00:44 - 2019-01-01 03:07 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-19 00:43 - 2019-01-01 10:16 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-19 00:43 - 2019-01-01 09:50 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-19 00:43 - 2019-01-01 03:44 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-19 00:43 - 2019-01-01 03:43 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-19 00:43 - 2019-01-01 03:42 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-19 00:43 - 2019-01-01 03:42 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-19 00:43 - 2019-01-01 03:42 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-19 00:43 - 2019-01-01 03:20 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-19 00:43 - 2019-01-01 03:15 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-19 00:43 - 2019-01-01 03:15 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-19 00:43 - 2019-01-01 03:12 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-19 00:43 - 2019-01-01 03:07 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-19 00:43 - 2019-01-01 03:07 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-19 00:43 - 2019-01-01 02:59 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-19 00:43 - 2019-01-01 02:52 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-19 00:43 - 2019-01-01 02:46 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-19 00:43 - 2019-01-01 02:44 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-19 00:42 - 2019-01-01 10:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-19 00:42 - 2019-01-01 10:17 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-19 00:42 - 2019-01-01 10:15 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-19 00:42 - 2019-01-01 10:15 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-19 00:42 - 2019-01-01 10:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-19 00:42 - 2019-01-01 09:50 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-19 00:42 - 2019-01-01 09:48 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-19 00:42 - 2019-01-01 09:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-19 00:42 - 2019-01-01 03:44 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-19 00:42 - 2019-01-01 03:44 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-19 00:42 - 2019-01-01 03:44 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-19 00:42 - 2019-01-01 03:44 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-19 00:42 - 2019-01-01 03:44 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-19 00:42 - 2019-01-01 03:43 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-19 00:42 - 2019-01-01 03:43 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-19 00:42 - 2019-01-01 03:43 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-19 00:42 - 2019-01-01 03:43 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-19 00:42 - 2019-01-01 03:42 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-19 00:42 - 2019-01-01 03:42 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-19 00:42 - 2019-01-01 03:18 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-19 00:42 - 2019-01-01 03:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-19 00:42 - 2019-01-01 03:18 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-19 00:42 - 2019-01-01 03:17 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-19 00:42 - 2019-01-01 03:17 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-19 00:42 - 2019-01-01 03:16 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-19 00:42 - 2019-01-01 03:16 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-19 00:42 - 2019-01-01 03:16 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-19 00:42 - 2019-01-01 03:15 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-19 00:42 - 2019-01-01 03:13 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-19 00:42 - 2019-01-01 02:47 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-19 00:42 - 2019-01-01 02:46 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-19 00:42 - 2019-01-01 02:46 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-19 00:42 - 2019-01-01 02:44 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-19 00:42 - 2019-01-01 02:44 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-19 00:42 - 2019-01-01 01:53 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-19 00:42 - 2018-12-19 01:19 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-19 00:30 - 2019-01-19 00:30 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-01-08 20:07 - 2019-02-07 15:26 - 000320696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-08 20:07 - 2019-02-07 15:26 - 000196072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-08 20:07 - 2019-02-07 15:26 - 000057960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-08 20:07 - 2019-02-07 15:26 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 16:05 - 2018-04-11 20:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-07 16:01 - 2018-08-15 17:19 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2019-02-07 16:01 - 2017-02-09 00:04 - 000000000 ____D C:\FRST
2019-02-07 15:53 - 2018-08-05 09:07 - 000000000 ____D C:\Users\Jake\AppData\Local\AVAST Software
2019-02-07 15:43 - 2018-12-17 15:32 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJake
2019-02-07 15:43 - 2018-12-17 15:32 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJake.job
2019-02-07 15:37 - 2016-12-25 08:15 - 000000000 ___RD C:\Users\Jake\OneDrive
2019-02-07 15:34 - 2018-08-07 16:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-07 15:33 - 2018-04-11 17:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-07 15:33 - 2017-08-04 00:39 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-02-07 15:29 - 2018-08-07 16:24 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-02-07 15:27 - 2018-11-09 19:42 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-02-07 15:27 - 2018-08-07 16:24 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B590357-4583-438D-856B-F467EF773583}
2019-02-07 15:27 - 2018-08-07 14:31 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000216784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000167304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-02-07 15:27 - 2018-04-11 20:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-07 15:27 - 2017-01-10 18:57 - 000249456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-02-07 15:26 - 2018-08-07 14:31 - 001034432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-02-07 15:26 - 2018-08-07 14:31 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-02-07 15:20 - 2018-08-07 17:44 - 000000000 ____D C:\Users\Jake\AppData\Local\D3DSCache
2019-02-07 15:07 - 2018-08-07 15:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-03 14:45 - 2018-08-16 15:42 - 000001254 _____ C:\Users\Jake\Desktop\Roblox Studio.lnk
2019-02-03 14:45 - 2016-12-25 09:37 - 000001439 _____ C:\Users\Jake\Desktop\Roblox Player.lnk
2019-02-03 14:45 - 2016-12-25 09:36 - 000000000 ____D C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-01-27 17:39 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-27 17:39 - 2016-04-15 15:44 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-01-27 17:39 - 2016-04-15 15:44 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-01-27 15:41 - 2018-04-11 20:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-26 19:24 - 2018-08-07 16:24 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-01-26 19:24 - 2018-08-07 16:24 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-26 19:24 - 2018-08-07 16:24 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-01-26 19:24 - 2018-08-07 16:24 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-01-26 19:24 - 2018-08-07 16:24 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-26 19:24 - 2018-08-07 16:24 - 000003136 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-01-26 19:24 - 2018-08-07 16:24 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-26 19:24 - 2018-08-07 16:24 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3070637302-2056889590-1829843764-1001
2019-01-26 19:24 - 2018-08-07 16:24 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
2019-01-26 19:24 - 2018-08-07 16:24 - 000002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2019-01-26 19:24 - 2018-08-07 16:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-01-26 18:09 - 2018-04-11 20:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-23 23:26 - 2018-08-04 08:37 - 000000000 ____D C:\Users\Jake\AppData\Local\CrashDumps
2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-23 21:54 - 2018-08-07 15:53 - 000002371 _____ C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-23 21:45 - 2018-08-02 21:14 - 000000000 ____D C:\Program Files\rempl
2019-01-19 17:32 - 2017-06-01 10:14 - 000000000 ____D C:\Users\Jake\AppData\Local\ElevatedDiagnostics
2019-01-19 02:01 - 2018-08-06 08:51 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-19 02:01 - 2018-08-06 08:51 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-01-19 00:21 - 2016-04-15 15:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-10 12:41 - 2016-12-26 05:34 - 000000000 ____D C:\Users\Jake\AppData\Local\ConnectedDevicesPlatform
2019-01-10 12:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-10 12:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-08 20:30 - 2016-12-25 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 20:19 - 2016-12-25 20:58 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 20:06 - 2018-08-03 15:24 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys

==================== Files in the root of some directories =======

2018-08-12 09:29 - 2018-11-01 16:58 - 000000137 _____ () C:\Users\Jake\AppData\Roaming\WB.CFG
2018-08-10 21:18 - 2018-08-10 21:18 - 000000000 _____ () C:\Users\Jake\AppData\Local\{41EE71FF-EFB5-49DF-9D56-CFE2A2E0B1C8}
2018-09-24 14:29 - 2018-09-24 14:29 - 000000153 _____ () C:\Users\Jake\AppData\Local\{49954250-F5D9-4A1A-B981-7E3A25B48E7E}
2018-09-26 15:31 - 2018-09-26 15:31 - 000000153 _____ () C:\Users\Jake\AppData\Local\{63A19B7C-4F55-45DE-8BA8-210E4C525227}
2018-09-30 11:08 - 2018-09-30 11:08 - 000000153 _____ () C:\Users\Jake\AppData\Local\{78AC3382-522F-495E-9223-C8F97CDA9FD8}
2018-11-07 16:33 - 2018-11-07 16:33 - 000000153 _____ () C:\Users\Jake\AppData\Local\{94176826-0879-4352-8756-29C89D1AAFE1}
2018-09-23 09:15 - 2018-09-23 09:15 - 000000153 _____ () C:\Users\Jake\AppData\Local\{E0423D9D-F355-41D9-8DCD-6C3D43472C4B}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-07 15:47

==================== End of FRST.txt ============================

 

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Uninstall following unwanted program:

PremierOpinion

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

Sorry for the delay!! It took so long for the computer to turn on and download the programs that I walked away and forgot to check on it until my son asked again. Currently scanning. Will return shortly with the reports.

 

After about 6 hrs of rogue killer scanning, the computer went into sleep mode and i couldnt get it to open up.. shut the whole thing down, and all that was left was a scanning log. Rescanning

 

OK.

 

ok took me 4 tries of computers locking up and having to restart but i have scan 1 completed. doing malwarebytes now

RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Jake [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/02/17 15:12:24 (Duration : 09:59:59)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmservice.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmservice.exe -> ERROR [0]
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn.exe ->
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn32.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn32.exe ->
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] pmropn64.exe [VoiceFive, Inc.] -- %programfiles(x86)%\PremierOpinion\pmropn64.exe ->
[PUP.Gen0 (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion\pmservice.exe \service -> Stopped
[PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\ByteFence -- -> Deleted
[PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\ByteFence -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\csastats -- -> Deleted
[PUP.WeatherBuddy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ELLS LLC -- -> Deleted
[Adw.ImpaqSpeed (Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Melasys LLC -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ProductSetup -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\csastats -- -> Deleted
[PUP.WeatherBuddy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ELLS LLC -- -> Deleted
[Adw.ImpaqSpeed (Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Melasys LLC -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\ProductSetup -- -> Deleted
[PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\ByteFence -- -> Deleted
[PUP.Gen1|PUP.ByteFence (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\ByteFence -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} -- -> Deleted
[PUP.Gen0 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PremierOpinion -- [%programfiles(x86)%\PremierOpinion\pmservice.exe \service] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{DB70CE8F-FEF9-4FBB-BDE7-37E383D6835B}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{67EB7201-1958-4BA5-9F7F-4470AB4C474C}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BB3CD83F-C823-4C0F-8833-63DAEF0E3612}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{3D338E0C-FCBF-4175-8AE9-7EC278C0DE27}C:\users\jake\appdata\local\mycomgames\mycomgames.exe -- [%localappdata%\mycomgames\mycomgames.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FC31C2C4-B1B2-414B-914C-170FCD7A378B}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6F4091AC-4321-4368-8102-215AF5E1C7B7}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{7D7A305B-794A-498D-A209-BA12AA08C8C4}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6E6B5417-4BC5-49DF-B854-A601A9FB8DAB}C:\users\jake\appdata\local\warthunder\launcher.exe -- [%localappdata%\warthunder\launcher.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CAAEE0B5-7392-4A29-8F70-E9A8B0C46D3C}C:\users\jake\appdata\local\gamecenter\gamecenter.exe -- [%localappdata%\gamecenter\gamecenter.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{560F7B28-BB42-4095-8BFC-D596F72BCA32}C:\users\jake\appdata\local\gamecenter\gamecenter.exe -- [%localappdata%\gamecenter\gamecenter.exe] -> Deleted
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AE32B1C9-4242-4351-92E8-FA69BBA92F56}C:\program files (x86)\premieropinion\pmropn.exe -- [%programfiles(x86)%\premieropinion\pmropn.exe] -> Deleted
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8EEE1590-814B-4AA3-B6B2-34885A262A80}C:\program files (x86)\premieropinion\pmropn.exe -- [%programfiles(x86)%\premieropinion\pmropn.exe] -> Deleted
[PUP.Gen1|PUP.ByteFence (Potentially Malicious)] ByteFence -- %programdata%\ByteFence -> Deleted
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programdata%\Microsoft\Windows\Start Menu\Programs\PremierOpinion -> Deleted
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion -> Removed at reboot [91]
[PUP.Gen1|PUP.MalwareProtection (Potentially Malicious)] PremierOpinion -- %programfiles(x86)%\PremierOpinion -> Removed at reboot [91]
[PUP.AutoIt.Gen (Potentially Malicious)] AutoClicker.exe -- %USERPROFILE%\Downloads\AutoClicker.exe -> Deleted

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/19
Scan Time: 3:21 PM
Log File: fce987a8-32e4-11e9-9e0a-c8d3fff0e337.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9308
License: Trial

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: LAPTOP-2PTBAV14\Jake

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 290721
Threats Detected: 160
Threats Quarantined: 159
Time Elapsed: 11 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308

Module: 47
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308

Registry Key: 6
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
PUP.Optional.SearchManager, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [2048], [183362],1.0.9308
PUP.Optional.WinYahoo, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [237], [247049],1.0.9308

Registry Value: 6
PUP.Optional.SearchManager, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarantined, [2048], [183362],1.0.9308
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [237], [247049],1.0.9308
PUP.Optional.OpinionSquare, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}, Quarantined, [3196], [241422],1.0.9308
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [237], [247049],1.0.9308
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cglnkolnaldeeolpbfpgemdanfcgiklp, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|kmomlllimffhhfhfoikjdkcjlebmnjmn, Quarantined, [219], [495178],1.0.9308

Registry Data: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [237], [292990],1.0.9308
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [237], [293458],1.0.9308

Data Stream: 0
(No malicious items detected)

Folder: 25
PUP.Optional.PremierOpinion, C:\PROGRAM FILES (X86)\PREMIEROPINION, Removal Failed, [2216], [178970],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales\en, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_metadata, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\popup, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\newtab, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGLNKOLNALDEEOLPBFPGEMDANFCGIKLP, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales\en, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\popup, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\newtab, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KMOMLLLIMFFHHFHFOIKJDKCJLEBMNJMN, Quarantined, [219], [495178],1.0.9308

File: 73
PUP.Optional.Booking, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BOOKING.COM.LNK, Quarantined, [862], [347183],1.0.9308
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence, Quarantined, [5941], [391769],1.0.9308
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Quarantined, [2216], [178970],1.0.9308
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, Quarantined, [2216], [178970],1.0.9308
PUP.Optional.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, Quarantined, [2216], [178970],1.0.9308
PUP.Optional.PremierOpinion, C:\PROGRAMDATA\RogueKiller\quarantine\569120E0C3639CD7.vir\PremierOpinion.lnk, Quarantined, [2216], [178970],1.0.9308
PUP.Optional.SearchManager, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2048], [183362],1.0.9308
PUP.Optional.WinYahoo, C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6VEUKYI2.DEFAULT\SEARCHPLUGINS\YAHOO! POWERED SEARCH.XML, Quarantined, [237], [302288],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\000003.log, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\CURRENT, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOCK, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOG, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\LOG.old, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cglnkolnaldeeolpbfpgemdanfcgiklp\MANIFEST-000001, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGLNKOLNALDEEOLPBFPGEMDANFCGIKLP\3.8_0\CHROMERESTORE.JS, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css\description.css, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\css\popup.css, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup\description.html, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\html\popup\popup.html, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\popup\popup.js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\js\userNewTab.js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\newtab\quicktab.html, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_locales\en\messages.json, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\_metadata\verified_contents.json, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\after.js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\background.js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\contentscript.js, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\icon.png, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cglnkolnaldeeolpbfpgemdanfcgiklp\3.8_0\manifest.json, Quarantined, [219], [454579],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\000003.log, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\CURRENT, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOCK, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOG, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\LOG.old, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kmomlllimffhhfhfoikjdkcjlebmnjmn\MANIFEST-000001, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KMOMLLLIMFFHHFHFOIKJDKCJLEBMNJMN\3.3_0\BACKGROUND.JS, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css\description.css, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\css\popup.css, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup\description.html, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\html\popup\popup.html, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\popup\popup.js, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\js\userNewTab.js, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\newtab\newtab.html, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_locales\en\messages.json, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata\computed_hashes.json, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\_metadata\verified_contents.json, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\contentscript.js, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\icon.png, Quarantined, [219], [495178],1.0.9308
PUP.Optional.Spigot.Generic, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmomlllimffhhfhfoikjdkcjlebmnjmn\3.3_0\manifest.json, Quarantined, [219], [495178],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRA~2\PREMIE~1\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRA~2\PREMIE~1\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\COMPONENTS\PMXG.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMPH.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\FIREFOX\PMNX.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMXF.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMLS.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN64.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN32.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMROPN.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMLS64.DLL, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0F7778F85B3E60C4.VIR\PMSERVICE.EXE, Quarantined, [10315], [299817],1.0.9308
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\990CB3AB29F27E13.VIR\PMROPN.EXE, Quarantined, [10315], [299817],1.0.9308
Generic.Malware/Suspicious, C:\USERS\JAKE\APPDATA\ROAMING\JJSPLOIT\__INSTALLER.EXE, Quarantined, [0], [392686],1.0.9308
PUP.Optional.SearchManager.BITSRST, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [265], [626729],1.0.9308
PUP.Optional.SearchManager.BITSRST, C:\USERS\JAKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [265], [626729],1.0.9308

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-17-2019
# Duration: 00:00:12
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\PremierOpinion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F94D0AB9-94F3-40D1-A170-654BB3A35310}C:\program files (x86)\premieropinion\pmropn.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1848 octets] - [17/02/2019 15:56:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.02.2019
Ran by Jake (18-02-2019 19:17:26)
Running from C:\Users\Jake\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-08-07 19:56:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3070637302-2056889590-1829843764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3070637302-2056889590-1829843764-503 - Limited - Disabled)
Guest (S-1-5-21-3070637302-2056889590-1829843764-501 - Limited - Disabled)
Jake (S-1-5-21-3070637302-2056889590-1829843764-1001 - Administrator - Enabled) => C:\Users\Jake
WDAGUtilityAccount (S-1-5-21-3070637302-2056889590-1829843764-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-85f384e8-faeb-48a8-8854-75aedf21aa14) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 71.0.1037.98 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-1942fc4d-ce20-43af-a5e6-cf8edaa4de45) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-919ca29c-b54b-4971-b163-0a772bfe5def) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-1dc5aaa3-3497-4400-9006-2f23b8d83c0c) (Version: 3.0.2.48 - WildTangent) Hidden
calibre (HKLM-x32\...\{B67713B4-83B9-496D-8B26-EBC27F10D562}) (Version: 2.85.1 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-08509b4b-cbbb-44ff-a99e-40dd918f7d54) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-3ff72a1c-2bce-41ef-b467-ae6da88e037b) (Version: 3.0.2.59 - WildTangent) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hard Time (HKLM-x32\...\Hard Time) (Version: - MDickie)
Home Makeover (HKLM-x32\...\WTA-a20ca41a-19dd-4e0a-bd40-1dcc67d332bb) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-d99a62d4-31c5-4bc7-b4e1-311ea7698a55) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.7.50.3 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.10.49.21 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-44f5d1ee-4fad-4c53-ab0e-efdeee12f04a) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-c4332c52-ebce-4876-853c-826dcb7e8bf6) (Version: 3.0.2.59 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-0580b873-0ccd-4ce5-8ade-5e1782e82aa9) (Version: 3.0.2.118 - WildTangent) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-ffaa1a54-6dd1-4d1f-8b4e-3f73442078f4) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-9541e647-4f4e-4e38-a62a-d04e8233bc96) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-692a9377-cc58-45c8-b8ef-b7e1d3ace27c) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20174 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-f4535862-815d-42bf-b8d8-b93e19c197f6) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-80b0a5b1-d118-4915-a869-0d0b075d85e4) (Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-9ab39b41-6a78-4ecd-b3db-19de39be9599) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-0fc9fbb6-a5cc-482a-b202-6adc019d9201) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-1c934972-1aaa-45f7-a8a6-331440f7073a) (Version: 3.0.2.126 - WildTangent) Hidden
Roblox Player for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roblox Studio for Jake (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\roblox-studio) (Version: - Roblox Corporation)
RogueKiller version 13.1.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.4.0 - Adlice Software)
Runefall (HKLM-x32\...\WTA-9f87d66e-86b4-4d40-935a-c36c2a9ee1a7) (Version: 3.0.2.126 - WildTangent) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Scratch 2 Offline Editor (HKLM-x32\...\{6E988774-5309-E02E-7EA8-F19CB65C2063}) (Version: 255 - Massachusetts Institute of Technology) Hidden
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 461 - Massachusetts Institute of Technology)
Stardock Start10 (HKLM\...\Start10_is1) (Version: 1.0 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2016 (HKLM-x32\...\{77DBD10C-44F6-421F-826A-202CEB287790}) (Version: 12.0.5.1 - BHOK IT Consulting)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Tasty Blue (HKLM-x32\...\WTA-55787782-2e68-4306-9b6c-d44b00b8ac40) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-adc10ec0-891e-4b6e-b4db-46ee6d5f6b08) (Version: 3.0.2.59 - WildTangent) Hidden
The Fastest Mouse Clicker for Windows version 1.9.8.2 (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\The Fastest Mouse Clicker for Windows_is1) (Version: 1.9.8.2 - Open Source Developer Masha Novedad (twitter.com/WIN_2048_CLUB))
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
WebM Project Directshow Filters (HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3070637302-2056889590-1829843764-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C289CA-3FC1-4CE2-940A-5DF8184D8F6C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {06A4BFAE-A170-4C05-A189-8DBD19FBA346} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {0AAC2CE2-EBBD-42F7-AEA2-4317984593B9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {14DE5A68-79C8-482F-A85E-C337066257E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {24635D48-CF83-4E51-8A22-DE10A2BFE712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {296E9B2A-E5FB-476E-BCC7-4BFA385F3F8B} - System32\Tasks\HPCeeScheduleForJake => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard)
Task: {30781664-400F-4B04-8C46-663306F4E500} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe (AVAST Software a.s. -> AVAST Software)
Task: {38415E3D-0481-4FCF-B95D-3713BDA7014D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {40287A7A-15E2-4F46-9B1D-27185FEE108C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4B27BAF1-6507-4940-9771-0E77FA89B5B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (Hewlett Packard -> HP Inc.)
Task: {51F9C584-CA0F-4891-9F61-14CDB24A3ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {54CDD5CA-3226-4AD6-A422-A44817E6398F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {5EBA1901-0999-4606-B343-460CFB1DA384} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {670A8BB3-4F7C-41F8-8160-A1A8081F15EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6BFB9FDE-89A5-4EA2-B30D-550949AC79F3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6D208375-17E5-4C4A-BC94-283E8F9D70B0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {80C6220C-8E2A-4527-8129-328006E84511} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {847E76D4-2938-4D81-B138-D025C7BB2C78} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> )
Task: {85859139-617A-4330-8A6E-8F9CFA421F19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {85C964C2-8F10-4BDB-9329-184D8C31E011} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {868FAA82-6A58-42BA-988D-C4E173EC19BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {88A2FFD0-A03E-4D06-8A7F-F6B01139F2F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {8D228364-236A-413D-AC02-BED78D746949} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {8E7254A3-64F6-4B7D-9BB6-E158F405044C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {91E8CBCE-7500-4702-BF87-08CA82080EF1} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {ACD214D7-490A-4EA6-8D86-9DBE53F9F71D} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software a.s. -> AVAST Software)
Task: {B5275FC9-FB04-4DF5-BAEC-B4935CEAA21C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {B69CDBA5-AB36-4B9E-844B-C546BCE23C83} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CD09CB53-87ED-4E90-900E-D14D0C51044E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CF56029A-8895-4A03-9501-2006E4373F59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {DAAFC2BB-0AAC-4214-9586-98FF3515F11B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E418C63C-5F48-4D79-A07E-7794586B73D7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {E838EDDC-7BF0-4688-8B27-9177EBFFDDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJake.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch\Scratch Website.lnk -> hxxp://scratch.mit.edu

==================== Loaded Modules (Whitelisted) ==============

2016-10-28 12:35 - 2014-04-14 22:29 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-25 08:13 - 2016-12-25 08:14 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2018-04-11 20:04 - 2018-04-11 20:04 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 20:04 - 2018-04-11 20:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 17:28 - 2018-11-08 22:47 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-06-25 21:04 - 2015-06-25 21:04 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 21:07 - 2015-06-25 21:07 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 21:05 - 2015-06-25 21:05 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 21:08 - 2015-06-25 21:08 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 20:23 - 2015-06-25 20:23 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 20:21 - 2015-06-25 20:21 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-08-03 11:18 - 2018-08-03 11:19 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-24 16:17 - 2018-10-24 16:44 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 002362096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-01-08 20:06 - 2019-01-08 20:06 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-02-07 15:26 - 2019-02-07 15:26 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
2019-02-07 15:26 - 2019-02-07 15:26 - 000654216 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-02-17 15:49 - 2019-02-17 15:50 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-10 10:37 - 2019-02-10 10:38 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-07 16:14 - 2019-02-07 16:14 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-03 11:17 - 2018-08-03 11:18 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 18:57 - 2018-11-29 18:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 16:14 - 2019-02-07 16:14 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-07 16:14 - 2019-02-07 16:14 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2019-02-16 00:11 - 2019-02-13 01:44 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-16 00:11 - 2019-02-13 01:44 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-07 16:21 - 2019-02-07 18:42 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-07 16:21 - 2019-02-07 18:42 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-08-03 11:29 - 2018-08-03 11:33 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-07 16:21 - 2019-02-07 18:42 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-19 18:02 - 2019-01-19 18:03 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-07 16:21 - 2019-02-07 18:43 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-07 16:21 - 2019-02-07 18:41 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 19:56 - 2018-08-30 19:57 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-08-03 11:29 - 2018-08-03 11:32 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 16:16 - 2019-02-07 16:16 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-08 19:43 - 2018-11-08 19:44 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 16:16 - 2019-02-07 16:16 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2016-12-25 08:13 - 2016-12-25 08:18 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:54 - 2019-01-04 22:43 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts


2018-12-16 13:36 - 2018-12-16 14:27 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B560FE2F-21B6-46CD-AA47-7AFC4BA919B2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{45A5C16B-B976-41D7-923E-355B31877F18}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4FBEA59E-C429-455D-9EE2-1C9D2E69631E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{4E43AD26-FBFE-40A6-82DB-283390F8D481}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{1BBD540C-2E22-455C-9C4B-7E1140A4B619}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{400B0BD6-3722-4DB4-8410-9267A6591B1A}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BBEE0259-BEC9-4819-B297-0C1B1D1602A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe No File
FirewallRules: [{084B65EB-1F3E-4405-A941-E19107099916}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe No File
FirewallRules: [{41D5A2BF-8F72-4EC0-82AF-CF22B8300DA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B295BCCB-70B6-43B3-BB56-B34D66774B56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{63FAD1F1-667D-414C-BB84-1CD653036299}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{57F3618C-FF3F-4960-B354-6329F77397F6}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{9773208F-3679-45E2-88E3-2851C395B8CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93D2D973-D4D2-460E-B6CA-4D0B9A703DC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1885E8EF-4F87-41D7-AFFD-94EE0AB5D4B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B06E836-4C29-4183-B28B-FF49D19742CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F04F6867-2245-46B4-8845-6831CA1193D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{30E3AF2A-65A1-4E00-A927-215391EA867C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DD00ABC1-0FB4-40E7-B731-C20EE486255B}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [UDP Query User{887C10D2-1D03-4DAD-9959-C0C1437DB365}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [{EAF0950C-64E7-49C2-98AA-EBA9E629452D}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [{E8A0A622-143E-4D31-8B15-333F6FD52079}] => (Block) C:\program files (x86)\calibre2\calibre.exe ()
FirewallRules: [TCP Query User{316A00D6-844D-4835-9C1D-10739C8197AE}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{51CED2FC-1145-4443-BBA8-B9AD99F47BE8}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [TCP Query User{53C12259-6B9C-49E5-B835-D08741F94A34}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{318A1A19-A014-4995-B287-D31E17C8A152}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [{878AAF98-BEA7-427D-83EC-C27AD4130280}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{60936E6C-529E-45ED-A9D7-E561E8E7CB90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A6F6CDAD-EC6A-41EC-BDC6-449570F67C2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F7510907-4928-4DBF-9E3A-7755329ACB09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B681D270-8320-4966-8E26-6078E80A46D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
FirewallRules: [{D039E9EC-4FA3-41C8-B2BC-327C1E2E9891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS)
FirewallRules: [{47D7F506-C68E-436D-BE1D-45FF9285EB0D}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{E255F00E-D270-44A4-8810-DF19A86647A3}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E8F5B78C-EED6-4D0F-91DA-AB6A84BB82E2}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{EFDB9C0F-FB27-4FF7-BD5F-19A5D362BD8A}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{7E35175E-2D77-41A5-9E62-0882BA2C7723}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{3526840F-3E5E-4963-BF19-E5BD433DE178}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C6E12266-1343-43E1-85B7-B056D819FFB7}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{2E93B21B-5FD5-4956-B48E-9DB3C3A90910}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{82A7F702-A11F-4ECE-8874-049208FA5DD6}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{D0C8AC0C-EAF4-4A9F-8F19-E15EE2D48F88}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E6CA2FAA-E484-467E-A414-E94A10FE955D}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C2BE29C5-589F-481D-A4DB-5E7F1ED71DEF}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C9ABD743-664C-4545-A3EF-5076826A3764}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
FirewallRules: [{62B78029-B63C-4215-BD46-5E7BEE576B3F}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
FirewallRules: [{B696F37F-E6AB-461B-AE6A-A5DEBDB09B4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06A22BCF-7651-48E3-89D6-BAFB16B55F54}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{585C3E60-5B39-4C99-8C79-CCD6012ED50D}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{7BE996EE-1D43-412F-8DAE-60DA2F4B1594}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{6743CD1F-C994-4DAA-945F-9450288AEDAD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{414AF3AB-07C6-44B6-B99D-663245A96A19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

07-02-2019 19:54:44 Scheduled Checkpoint
12-02-2019 10:05:18 Windows Update
17-02-2019 14:47:28 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2019 11:08:05 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/17/2019 04:57:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x56f72873
Faulting module name: AdaptiveSleepService.exe, version: 0.0.0.0, time stamp: 0x56f72873
Exception code: 0xc0000005
Fault offset: 0x000000000000b9f4
Faulting process id: 0x1fa8
Faulting application start time: 0x01d4c6f7e4eb635c
Faulting application path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
Faulting module path: c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
Report Id: 4d48393f-1612-4d3d-b393-16c020a2e0e0
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2019 04:03:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_fb409dd930672a56.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c.manifest.

Error: (02/17/2019 03:58:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_fb409dd930672a56.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c.manifest.

Error: (02/17/2019 03:38:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_fb409dd930672a56.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c.manifest.

Error: (02/17/2019 03:34:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000409
Fault offset: 0x000000000008b3ef
Faulting process id: 0x3714
Faulting application start time: 0x01d4c6f39b4ea520
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0a71f358-78c8-4e31-a3de-5cf4767e4710
Faulting package full name: Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (02/17/2019 03:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000409
Fault offset: 0x000000000008b3ef
Faulting process id: 0x25f8
Faulting application start time: 0x01d4c6f38d92ab5d
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1f447952-0428-4440-b6a7-87787deec432
Faulting package full name: Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (02/17/2019 03:33:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000409
Fault offset: 0x000000000008b3ef
Faulting process id: 0x1894
Faulting application start time: 0x01d4c6f385e183c5
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 895387fb-cdbf-442d-9a1f-001af81b51fd
Faulting package full name: Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1


System errors:
=============
Error: (02/18/2019 02:42:47 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2019 10:43:10 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2019 06:45:21 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2PTBAV14)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-2PTBAV14\Jake SID (S-1-5-21-3070637302-2056889590-1829843764-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2019 03:49:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2019 11:19:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2019 07:34:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2019 04:57:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2019 04:18:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-09-14 21:56:44.804
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

CodeIntegrity:
===================================

Date: 2019-02-17 15:27:41.379
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:27:41.304
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:27:41.058
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:27:41.001
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:26:55.746
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:26:19.359
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:26:19.315
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-02-17 15:26:19.295
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 73%
Total physical RAM: 3529.01 MB
Available physical RAM: 921.91 MB
Total Virtual: 6217.01 MB
Available Virtual: 2566.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.28 GB) (Free:325.71 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.25 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{96bcdb8c-dbf0-4a95-b839-34ce7c0f7d2a}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
\\?\Volume{db445438-544b-4b96-b8c7-f0ec6d2687ce}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D3A0881B)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.02.2019
Ran by Jake (administrator) on LAPTOP-2PTBAV14 (18-02-2019 19:13:32)
Running from C:\Users\Jake\Downloads
Loaded Profiles: Jake (Available Profiles: Jake)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Discord] => C:\Users\Jake\AppData\Local\Discord\app-0.0.298\Discord.exe
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [Steam] => "C:\Users\Jake\Downloads\meteor 60 seconds\steam.exe" -silent
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35195280 2019-02-02] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-18] (AVAST Software s.r.o. -> AVAST Software)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{a10f5569-fa0e-4652-bc5f-661a1838cc41}: [DhcpNameServer] 24.222.0.94 24.222.0.95

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3070637302-2056889590-1829843764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3070637302-2056889590-1829843764-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3070637302-2056889590-1829843764-1001 -> {45739E94-3E6C-4C14-BF04-5CD1EEEC0AC4} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6veukyi2.default
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default [2019-02-17]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\sp@avast.com.xpi [2018-10-26] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6veukyi2.default\Extensions\wrc@avast.com.xpi [2018-08-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3070637302-2056889590-1829843764-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jake\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-20] (Citrix Online)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default [2019-02-18]
CHR Extension: (Slides) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-02]
CHR Extension: (Docs) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-02]
CHR Extension: (Google Drive) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-02]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: ( Colorful Galaxy) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabbbedehhbogefnfdakijemlefkkeh [2018-11-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-07]
CHR Extension: (Sheets) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-02-07]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-05]
CHR Extension: (Popup Blocker Pro) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-14]
CHR Extension: (Custom Progress Bar for YouTube™) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkomboflhdlliegkaiepilnfmophgfg [2018-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-03]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [249344 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [722216 2017-08-09] (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-25] (AVAST Software a.s. -> )
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Corporation -> Stardock Software, Inc)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [23983104 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674816 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249672 2019-02-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-02-07] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-17] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-14] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 19:13 - 2019-02-18 19:13 - 000000000 ____D C:\Users\Jake\Downloads\FRST-OlderVersion
2019-02-17 16:09 - 2019-02-17 16:09 - 007316688 _____ (Malwarebytes) C:\Users\Jake\Downloads\AdwCleaner (1).exe
2019-02-17 16:07 - 2019-02-17 16:08 - 064642304 _____ (Malwarebytes ) C:\Users\Jake\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9294 (2).exe
2019-02-17 16:04 - 2019-02-17 16:04 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-17 16:03 - 2019-02-17 16:03 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-17 16:03 - 2019-02-17 16:03 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-17 16:03 - 2019-02-17 16:03 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-17 15:54 - 2019-02-17 15:58 - 000000000 ____D C:\AdwCleaner
2019-02-17 15:54 - 2019-02-17 15:54 - 007316688 _____ (Malwarebytes) C:\Users\Jake\Downloads\AdwCleaner.exe
2019-02-17 15:50 - 2019-02-17 15:51 - 064642304 _____ (Malwarebytes ) C:\Users\Jake\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9294 (1).exe
2019-02-17 15:20 - 2019-02-17 15:20 - 000000000 ____D C:\Users\Jake\AppData\Local\mbam
2019-02-17 15:19 - 2019-02-17 15:19 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-17 15:19 - 2019-02-17 15:19 - 000000000 ____D C:\Users\Jake\AppData\Local\mbamtray
2019-02-17 15:19 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-17 15:18 - 2019-02-17 15:18 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-17 15:18 - 2019-02-17 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-17 15:18 - 2019-02-17 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-17 15:18 - 2019-02-17 15:18 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-17 15:18 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-17 15:15 - 2019-02-17 15:17 - 064642304 _____ (Malwarebytes ) C:\Users\Jake\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9294.exe
2019-02-17 15:04 - 2019-02-17 15:04 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-17 15:04 - 2019-02-17 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-13 16:09 - 2019-02-14 13:49 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-02-13 16:06 - 2019-02-13 16:06 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-02-13 16:06 - 2019-02-13 16:06 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-13 16:06 - 2019-02-13 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-02-13 16:06 - 2019-02-13 16:06 - 000000000 ____D C:\Program Files\RogueKiller
2019-02-13 16:02 - 2019-02-13 16:04 - 029333240 _____ (Adlice Software ) C:\Users\Jake\Downloads\RogueKiller_setup_ref3.exe
2019-02-13 03:29 - 2019-02-13 03:29 - 000249672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-02-10 11:10 - 2019-02-10 11:10 - 001160760 _____ (Roblox Corporation) C:\Users\Jake\Downloads\RobloxPlayerLauncher (1).exe
2019-02-09 18:56 - 2019-02-09 18:56 - 000000000 ___HD C:\OneDriveTemp
2019-02-09 18:47 - 2019-02-09 18:47 - 001160760 _____ (Roblox Corporation) C:\Users\Jake\Downloads\RobloxPlayerLauncher.exe
2019-02-07 16:07 - 2019-02-07 16:10 - 000056917 _____ C:\Users\Jake\Downloads\Addition.txt
2019-02-07 16:01 - 2019-02-18 19:15 - 000024452 _____ C:\Users\Jake\Downloads\FRST.txt
2019-02-07 16:00 - 2019-02-18 19:13 - 002434560 _____ (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2019-02-07 15:27 - 2019-02-07 15:26 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-24 21:15 - 2018-09-20 00:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-23 23:42 - 2019-02-07 15:26 - 000225680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-19 00:44 - 2019-01-01 03:42 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-19 00:44 - 2019-01-01 03:25 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-19 00:44 - 2019-01-01 03:20 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-19 00:44 - 2019-01-01 03:07 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-19 00:43 - 2019-01-01 10:16 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-19 00:43 - 2019-01-01 09:50 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-19 00:43 - 2019-01-01 03:44 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-19 00:43 - 2019-01-01 03:43 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-19 00:43 - 2019-01-01 03:42 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-19 00:43 - 2019-01-01 03:42 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-19 00:43 - 2019-01-01 03:42 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-19 00:43 - 2019-01-01 03:20 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-19 00:43 - 2019-01-01 03:15 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-19 00:43 - 2019-01-01 03:15 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-19 00:43 - 2019-01-01 03:12 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-19 00:43 - 2019-01-01 03:07 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-19 00:43 - 2019-01-01 03:07 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-19 00:43 - 2019-01-01 02:59 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-19 00:43 - 2019-01-01 02:52 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-19 00:43 - 2019-01-01 02:46 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-19 00:43 - 2019-01-01 02:44 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-19 00:42 - 2019-01-01 10:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-19 00:42 - 2019-01-01 10:17 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-19 00:42 - 2019-01-01 10:15 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-19 00:42 - 2019-01-01 10:15 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-19 00:42 - 2019-01-01 10:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-19 00:42 - 2019-01-01 09:50 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-19 00:42 - 2019-01-01 09:48 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-19 00:42 - 2019-01-01 09:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-19 00:42 - 2019-01-01 03:44 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-19 00:42 - 2019-01-01 03:44 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-19 00:42 - 2019-01-01 03:44 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-19 00:42 - 2019-01-01 03:44 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-19 00:42 - 2019-01-01 03:44 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-19 00:42 - 2019-01-01 03:43 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-19 00:42 - 2019-01-01 03:43 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-19 00:42 - 2019-01-01 03:43 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-19 00:42 - 2019-01-01 03:43 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-19 00:42 - 2019-01-01 03:42 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-19 00:42 - 2019-01-01 03:42 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-19 00:42 - 2019-01-01 03:42 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-19 00:42 - 2019-01-01 03:18 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-19 00:42 - 2019-01-01 03:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-19 00:42 - 2019-01-01 03:18 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-19 00:42 - 2019-01-01 03:17 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-19 00:42 - 2019-01-01 03:17 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-19 00:42 - 2019-01-01 03:16 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-19 00:42 - 2019-01-01 03:16 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-19 00:42 - 2019-01-01 03:16 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-19 00:42 - 2019-01-01 03:15 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-19 00:42 - 2019-01-01 03:14 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-19 00:42 - 2019-01-01 03:13 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-19 00:42 - 2019-01-01 03:12 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-19 00:42 - 2019-01-01 03:11 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-19 00:42 - 2019-01-01 03:07 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-19 00:42 - 2019-01-01 02:47 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-19 00:42 - 2019-01-01 02:46 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-19 00:42 - 2019-01-01 02:46 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-19 00:42 - 2019-01-01 02:45 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-19 00:42 - 2019-01-01 02:44 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-19 00:42 - 2019-01-01 02:44 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-19 00:42 - 2019-01-01 02:43 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-19 00:42 - 2019-01-01 02:42 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-19 00:42 - 2019-01-01 01:53 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-19 00:42 - 2018-12-19 01:19 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 19:13 - 2017-02-09 00:04 - 000000000 ____D C:\FRST
2019-02-18 19:10 - 2018-08-07 15:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-18 19:10 - 2018-04-11 20:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-18 18:47 - 2018-08-16 15:42 - 000001254 _____ C:\Users\Jake\Desktop\Roblox Studio.lnk
2019-02-18 18:47 - 2016-12-25 09:37 - 000001439 _____ C:\Users\Jake\Desktop\Roblox Player.lnk
2019-02-18 18:47 - 2016-12-25 09:36 - 000000000 ____D C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-02-18 18:11 - 2018-04-11 20:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-18 18:11 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-18 17:14 - 2018-08-07 16:24 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B590357-4583-438D-856B-F467EF773583}
2019-02-18 15:37 - 2018-12-17 15:32 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJake
2019-02-18 15:37 - 2018-12-17 15:32 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJake.job
2019-02-17 16:07 - 2018-08-05 09:07 - 000000000 ____D C:\Users\Jake\AppData\Local\AVAST Software
2019-02-17 16:05 - 2016-12-25 08:15 - 000000000 ___RD C:\Users\Jake\OneDrive
2019-02-17 16:03 - 2018-08-07 16:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-17 16:02 - 2018-04-11 17:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-17 16:02 - 2017-08-04 00:39 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-02-17 15:37 - 2016-04-15 15:44 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-02-17 15:37 - 2016-04-15 15:44 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-02-17 15:36 - 2018-08-07 15:53 - 000000000 ____D C:\Users\Jake
2019-02-17 15:35 - 2018-08-15 10:37 - 000000000 ____D C:\Users\Jake\AppData\Roaming\JJSploit
2019-02-17 15:34 - 2017-03-18 17:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-02-17 15:19 - 2018-04-11 20:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-17 15:11 - 2018-08-07 16:24 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-17 15:11 - 2018-08-07 16:24 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-17 15:11 - 2018-08-07 16:24 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-17 15:11 - 2018-08-07 16:24 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3070637302-2056889590-1829843764-1001
2019-02-17 15:11 - 2018-08-07 16:24 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
2019-02-17 15:11 - 2018-08-07 16:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-02-17 15:10 - 2018-08-07 16:24 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-17 15:10 - 2018-08-07 16:24 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-17 15:10 - 2018-08-07 16:24 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-02-17 15:10 - 2018-08-07 16:24 - 000003238 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-17 15:10 - 2018-08-07 16:24 - 000002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2019-02-17 15:00 - 2016-04-15 15:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-17 14:55 - 2018-08-02 21:14 - 000000000 ____D C:\Program Files\rempl
2019-02-16 00:11 - 2016-12-25 08:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-16 00:11 - 2016-12-25 08:19 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-15 23:57 - 2018-08-07 14:31 - 000474456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-02-13 16:37 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-13 04:19 - 2018-04-11 20:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 04:18 - 2016-12-25 20:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 04:11 - 2016-12-25 20:58 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 21:57 - 2018-08-07 12:23 - 000000000 ___DC C:\WINDOWS\Panther
2019-02-12 17:55 - 2018-08-07 16:23 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2019-02-12 17:55 - 2018-08-07 16:23 - 000024768 _____ C:\WINDOWS\diagerr.xml
2019-02-12 13:58 - 2018-04-11 17:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-12 12:59 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\Registration
2019-02-12 12:58 - 2018-09-15 06:13 - 000000000 ___HD C:\$WINDOWS.~BT
2019-02-12 12:56 - 2018-04-11 20:06 - 000000000 ____D C:\WINDOWS\INF
2019-02-12 08:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 08:02 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-09 18:59 - 2016-12-25 09:36 - 000000250 _____ C:\Users\Jake\AppData\LocalLow\rbxcsettings.rbx
2019-02-09 18:56 - 2018-08-07 15:53 - 000002371 _____ C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 23:30 - 2018-08-04 08:37 - 000000000 ____D C:\Users\Jake\AppData\Local\CrashDumps
2019-02-07 16:18 - 2018-08-07 17:53 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 15:29 - 2018-08-07 16:24 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-02-07 15:27 - 2018-11-09 19:42 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000379952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000216784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000167304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-02-07 15:27 - 2018-08-07 14:31 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-02-07 15:26 - 2019-01-08 20:07 - 000320696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-02-07 15:26 - 2019-01-08 20:07 - 000196072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-02-07 15:26 - 2019-01-08 20:07 - 000057960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-02-07 15:26 - 2019-01-08 20:07 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-02-07 15:26 - 2018-08-07 14:31 - 001034432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-02-07 15:26 - 2018-08-07 14:31 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-02-07 15:20 - 2018-08-07 17:44 - 000000000 ____D C:\Users\Jake\AppData\Local\D3DSCache
2019-02-02 19:23 - 2018-11-13 22:14 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 19:23 - 2018-11-13 22:14 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-23 23:20 - 2018-04-11 20:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-19 17:32 - 2017-06-01 10:14 - 000000000 ____D C:\Users\Jake\AppData\Local\ElevatedDiagnostics
2019-01-19 02:01 - 2018-08-06 08:51 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-01-19 02:01 - 2018-08-06 08:51 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2018-08-12 09:29 - 2018-11-01 16:58 - 000000137 _____ () C:\Users\Jake\AppData\Roaming\WB.CFG
2018-08-10 21:18 - 2018-08-10 21:18 - 000000000 _____ () C:\Users\Jake\AppData\Local\{41EE71FF-EFB5-49DF-9D56-CFE2A2E0B1C8}
2018-09-24 14:29 - 2018-09-24 14:29 - 000000153 _____ () C:\Users\Jake\AppData\Local\{49954250-F5D9-4A1A-B981-7E3A25B48E7E}
2018-09-26 15:31 - 2018-09-26 15:31 - 000000153 _____ () C:\Users\Jake\AppData\Local\{63A19B7C-4F55-45DE-8BA8-210E4C525227}
2018-09-30 11:08 - 2018-09-30 11:08 - 000000153 _____ () C:\Users\Jake\AppData\Local\{78AC3382-522F-495E-9223-C8F97CDA9FD8}
2018-11-07 16:33 - 2018-11-07 16:33 - 000000153 _____ () C:\Users\Jake\AppData\Local\{94176826-0879-4352-8756-29C89D1AAFE1}
2018-09-23 09:15 - 2018-09-23 09:15 - 000000153 _____ () C:\Users\Jake\AppData\Local\{E0423D9D-F355-41D9-8DCD-6C3D43472C4B}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-07 15:47

==================== End of FRST.txt ============================

 

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

P.S. For whatever reason I can't attach "fixlist" file.
Let me see if I can do it in next reply.

 

One more try...
It doesn't work so I had to upload it here: https://www.sendspace.com/file/tq4wao

 

I haven't been able to connect to the internet for a few days. (my own internet issues following an area outage). Hope this works!!

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Jake (22-02-2019 13:18:12) Run:1
Running from C:\Users\Jake\Desktop
Loaded Profiles: Jake (Available Profiles: Jake)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {5EBA1901-0999-4606-B343-460CFB1DA384} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [{1BBD540C-2E22-455C-9C4B-7E1140A4B619}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{400B0BD6-3722-4DB4-8410-9267A6591B1A}] => (Allow) C:\Users\Jake\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BBEE0259-BEC9-4819-B297-0C1B1D1602A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe No File
FirewallRules: [{084B65EB-1F3E-4405-A941-E19107099916}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe No File
FirewallRules: [{B295BCCB-70B6-43B3-BB56-B34D66774B56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{57F3618C-FF3F-4960-B354-6329F77397F6}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [TCP Query User{316A00D6-844D-4835-9C1D-10739C8197AE}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{51CED2FC-1145-4443-BBA8-B9AD99F47BE8}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [TCP Query User{53C12259-6B9C-49E5-B835-D08741F94A34}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [UDP Query User{318A1A19-A014-4995-B287-D31E17C8A152}C:\users\jake\appdata\local\warthunder\win64\aces.exe] => (Block) C:\users\jake\appdata\local\warthunder\win64\aces.exe No File
FirewallRules: [{47D7F506-C68E-436D-BE1D-45FF9285EB0D}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{E255F00E-D270-44A4-8810-DF19A86647A3}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E8F5B78C-EED6-4D0F-91DA-AB6A84BB82E2}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{EFDB9C0F-FB27-4FF7-BD5F-19A5D362BD8A}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{7E35175E-2D77-41A5-9E62-0882BA2C7723}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{3526840F-3E5E-4963-BF19-E5BD433DE178}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C6E12266-1343-43E1-85B7-B056D819FFB7}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{2E93B21B-5FD5-4956-B48E-9DB3C3A90910}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe No File
FirewallRules: [{82A7F702-A11F-4ECE-8874-049208FA5DD6}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{D0C8AC0C-EAF4-4A9F-8F19-E15EE2D48F88}] => (Allow) D:\KOPLAYER\KOPLAYER.exe No File
FirewallRules: [{E6CA2FAA-E484-467E-A414-E94A10FE955D}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C2BE29C5-589F-481D-A4DB-5E7F1ED71DEF}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe No File
FirewallRules: [{C9ABD743-664C-4545-A3EF-5076826A3764}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
FirewallRules: [{62B78029-B63C-4215-BD46-5E7BEE576B3F}] => (Allow) C:\Users\Jake\Downloads\meteor 60 seconds\Steam.exe No File
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
2018-08-12 09:29 - 2018-11-01 16:58 - 000000137 _____ () C:\Users\Jake\AppData\Roaming\WB.CFG
2018-08-10 21:18 - 2018-08-10 21:18 - 000000000 _____ () C:\Users\Jake\AppData\Local\{41EE71FF-EFB5-49DF-9D56-CFE2A2E0B1C8}
2018-09-24 14:29 - 2018-09-24 14:29 - 000000153 _____ () C:\Users\Jake\AppData\Local\{49954250-F5D9-4A1A-B981-7E3A25B48E7E}
2018-09-26 15:31 - 2018-09-26 15:31 - 000000153 _____ () C:\Users\Jake\AppData\Local\{63A19B7C-4F55-45DE-8BA8-210E4C525227}
2018-09-30 11:08 - 2018-09-30 11:08 - 000000153 _____ () C:\Users\Jake\AppData\Local\{78AC3382-522F-495E-9223-C8F97CDA9FD8}
2018-11-07 16:33 - 2018-11-07 16:33 - 000000153 _____ () C:\Users\Jake\AppData\Local\{94176826-0879-4352-8756-29C89D1AAFE1}
2018-09-23 09:15 - 2018-09-23 09:15 - 000000153 _____ () C:\Users\Jake\AppData\Local\{E0423D9D-F355-41D9-8DCD-6C3D43472C4B}

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EBA1901-0999-4606-B343-460CFB1DA384}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EBA1901-0999-4606-B343-460CFB1DA384}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BBD540C-2E22-455C-9C4B-7E1140A4B619}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{400B0BD6-3722-4DB4-8410-9267A6591B1A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBEE0259-BEC9-4819-B297-0C1B1D1602A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{084B65EB-1F3E-4405-A941-E19107099916}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B295BCCB-70B6-43B3-BB56-B34D66774B56}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57F3618C-FF3F-4960-B354-6329F77397F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{316A00D6-844D-4835-9C1D-10739C8197AE}C:\users\jake\appdata\local\warthunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51CED2FC-1145-4443-BBA8-B9AD99F47BE8}C:\users\jake\appdata\local\warthunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{53C12259-6B9C-49E5-B835-D08741F94A34}C:\users\jake\appdata\local\warthunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{318A1A19-A014-4995-B287-D31E17C8A152}C:\users\jake\appdata\local\warthunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47D7F506-C68E-436D-BE1D-45FF9285EB0D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E255F00E-D270-44A4-8810-DF19A86647A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8F5B78C-EED6-4D0F-91DA-AB6A84BB82E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFDB9C0F-FB27-4FF7-BD5F-19A5D362BD8A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E35175E-2D77-41A5-9E62-0882BA2C7723}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3526840F-3E5E-4963-BF19-E5BD433DE178}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6E12266-1343-43E1-85B7-B056D819FFB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E93B21B-5FD5-4956-B48E-9DB3C3A90910}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82A7F702-A11F-4ECE-8874-049208FA5DD6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0C8AC0C-EAF4-4A9F-8F19-E15EE2D48F88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6CA2FAA-E484-467E-A414-E94A10FE955D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2BE29C5-589F-481D-A4DB-5E7F1ED71DEF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9ABD743-664C-4545-A3EF-5076826A3764}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62B78029-B63C-4215-BD46-5E7BEE576B3F}" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\Users\Jake\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Jake\AppData\Local\{41EE71FF-EFB5-49DF-9D56-CFE2A2E0B1C8} => moved successfully
C:\Users\Jake\AppData\Local\{49954250-F5D9-4A1A-B981-7E3A25B48E7E} => moved successfully
C:\Users\Jake\AppData\Local\{63A19B7C-4F55-45DE-8BA8-210E4C525227} => moved successfully
C:\Users\Jake\AppData\Local\{78AC3382-522F-495E-9223-C8F97CDA9FD8} => moved successfully
C:\Users\Jake\AppData\Local\{94176826-0879-4352-8756-29C89D1AAFE1} => moved successfully
C:\Users\Jake\AppData\Local\{E0423D9D-F355-41D9-8DCD-6C3D43472C4B} => moved successfully

==== End of Fixlog 13:18:19 ====

 

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program