[Resolved] Possible infection on my computer

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by norman, Nov 9, 2019.

  1. norman

    norman Established Techie7 Member

    Here are the two logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2019 01
    Ran by Norman Norris (administrator) on LAPTOP-62QKKGVS (ASUSTeK COMPUTER INC. Zen AIO 24 ZN242GD_ZN242GD) (09-11-2019 12:30:26)
    Running from C:\Users\Norman Norris\Desktop
    Loaded Profiles: Norman Norris (Available Profiles: Norman Norris)
    Platform: Windows 10 Home Version 1809 17763.805 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
    (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsMonStartupTask64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\ATKOSD2.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Norman Norris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net1.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.793_none_7defe5934d1eb33a\TiWorker.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
    (NETGEAR TAIWAN CO., LTD -> ) D:\NETGEAR Genie\bin\genie2_tray.exe
    (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.) D:\NETGEAR Genie\bin\NETGEARGenie.exe
    (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
    (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\Run: [NETGEARGenie] => D:\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [221184 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.87\Installer\chrmstp.exe [2019-11-05] (Google LLC -> Google LLC)
    ==================== Scheduled Tasks (Whitelisted) ============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0F9DBD9F-3579-462B-AE8A-064280549389} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [176080 2018-02-13] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
    Task: {11781D81-6239-4BDD-BD38-6CBAF072D873} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1A21379D-D515-4452-93BC-210F8D069E5A} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-62QKKGVS-Norman Norris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {231FBB30-450F-4460-9DF7-4F480100328B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {2908A6C7-DFD7-490D-8CB1-D7538928188C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {29618372-49F1-4D47-8D18-A72E152CA66E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {4F031DAF-92F7-4546-B3F9-1DC43885520E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {5B1D7177-537C-475B-8E57-7A5719FB1CFD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6217D72C-74D3-47BB-8FCF-9430702764EC} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
    Task: {6673EA1E-1711-491C-8E24-F9AB2BE9CCBA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {677409C1-1BF3-458C-A2F3-C665D3936D61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
    Task: {6B35BEEB-A80C-4223-B9A0-3CB48A94FC8F} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {7E5B0A49-B366-41B8-86E8-0035397D884D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8322E433-5761-4A8E-94D6-FD793CBFA9FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8C726E3C-698C-41D8-9652-1959994E643D} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [609168 2017-12-22] (ASUSTeK Computer Inc. -> )
    Task: {8D67E46D-31E4-4565-AAE7-15F48B84D817} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2378024 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8E837BCD-30D1-4B97-A569-F8E974A3D083} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9DE5398A-9A30-486D-89F9-AED88C050824} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A24BEDB4-0E15-4BC0-9EE3-27AEB069833B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A5AC24D8-7925-491E-9D12-C351AE35F5A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A850BCE9-BDC4-41F3-B48C-1740E1C0E90F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
    Task: {B3EA480C-5B16-461B-9F1B-729BC44169AB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D1EF52E5-AE90-4B25-A35D-3BC87E1EB4DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D9D621B0-F2DC-4DEA-8A03-DF542AA5A631} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {DCEE6A8D-7BB4-4230-8E55-AFFCE625085B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E3FD1104-B799-4221-BE42-F83A0396A1DC} - System32\Tasks\Opera scheduled Autoupdate 1552439915 => C:\Users\Norman Norris\AppData\Local\Programs\Opera\launcher.exe
    Task: {EFC803C8-F435-4D76-A834-DA8297E64BBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F211B5BB-1642-436D-8AF1-BC81536EED07} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FBA86FFE-86CF-4531-BE1F-199E8AE230DE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FE0193A2-BF46-4DE1-B2F6-FC8F40A444B2} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{974da473-8be5-409a-8552-d8500e9b8bdb}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131969135319015822&GUID=B94ABDC1-D9BA-4BA3-A3B9-EB24535A7D14
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-2858588385-335921699-3881707971-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2858588385-335921699-3881707971-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Edge:
    ======
    DownloadDir: D:\Downloads
    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-28] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.msn.com/"
    CHR NewTab: Default -> Active:"chrome-extension://cfacibcmkcdppnkgennkfaepplpkblmp/newtab/quicknewtabpage.html"
    CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> se
    CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
    CHR Notifications: Default -> hxxps://search.hearthandsatellitemaps.com; hxxps://www.youtube.com
    CHR Profile: C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default [2019-05-12]
    CHR Extension: (Slides) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-11]
    CHR Extension: (Docs) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-11]
    CHR Extension: (Google Drive) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-11]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-05-11]
    CHR Extension: (YouTube) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-11]
    CHR Extension: (Earth And Satelite Maps) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp [2019-05-11]
    CHR Extension: (Sheets) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-11]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-05-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-11]
    CHR Extension: (Search Encrypt) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlabkgljnlaidbnocfhgdeajcgmahml [2019-05-11]
    CHR Extension: (Avast Online Security) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-11]
    CHR Extension: (Gmail) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-11]
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe [171912 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe [202120 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642744 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
    R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1646120 2018-02-04] (Intel(R) pGFX -> Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [539024 2019-03-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [767184 2018-06-11] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [727224 2018-06-11] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\WINDOWS\System32\jhi_service.exe [576560 2018-06-27] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] (Intel Corporation -> )
    S3 NETGEARGenieDaemon; D:\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (Netgear Incorporated -> NETGEAR)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 ZenAnywhere; C:\Program Files\Orbweb Inc\ZenAnywhere\ZenAnywhere.exe [154560 2018-02-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    S3 ZenAnywhere Updater; C:\Program Files\Orbweb Inc\ZenAnywhere\updater.exe [154560 2018-02-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    S3 ZenAnywhereNetworkService; C:\Program Files\Orbweb Inc\ZenAnywhere\bin\ZenAnywhereNetworkService.exe [67520 2017-04-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel Corporation -> Intel® Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109008 2017-10-17] (Alcor Micro, Corp. -> )
    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\atkwmiacpi64.sys [30600 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [76696 2017-10-27] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [70040 2017-10-27] (Intel Corporation -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [399264 2017-10-27] (Intel Corporation -> Intel Corporation)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 ibtusb; C:\WINDOWS\System32\drivers\ibtusb.sys [198168 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8743448 2018-04-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2019-09-10] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_32392337f3ae9e64\nvlddmkm.sys [22738296 2019-10-23] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 RealWoW60; C:\WINDOWS\system32\DRIVERS\RealWoW60.sys [39432 2017-04-07] (Realtek Semiconductor Corp. -> Realtek semiconductor corp)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-19] (Realtek Semiconductor Corp. -> Realtek )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One month (created) ===================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-09 12:30 - 2019-11-09 12:31 - 000031683 _____ C:\Users\Norman Norris\Desktop\FRST.txt
    2019-11-09 12:30 - 2019-11-09 12:30 - 000000000 ____D C:\FRST
    2019-11-09 12:29 - 2019-11-09 12:29 - 002259968 _____ (Farbar) C:\Users\Norman Norris\Desktop\FRST64.exe
    2019-11-09 12:25 - 2019-11-09 12:25 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
    2019-11-09 12:22 - 2019-11-09 12:22 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
    2019-11-09 12:19 - 2019-11-09 12:19 - 000000000 ___HD C:\OneDriveTemp
    2019-11-08 16:48 - 2019-11-08 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon
    2019-11-08 16:47 - 2019-11-08 16:48 - 000000000 ____D C:\Program Files\Maxon Cinema 4D R21
    2019-11-08 16:46 - 2019-11-08 16:46 - 000001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
    2019-11-08 16:43 - 2019-11-08 16:43 - 000001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
    2019-11-07 20:50 - 2019-11-07 20:50 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver 2020.lnk
    2019-11-07 20:46 - 2019-11-07 20:46 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
    2019-11-07 20:46 - 2019-11-07 20:46 - 000001040 _____ C:\Users\Norman Norris\Desktop\Lightroom.lnk
    2019-11-07 20:43 - 2019-11-07 20:43 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk
    2019-11-05 17:01 - 2019-11-05 17:01 - 000000000 ____D C:\WINDOWS\Panther
    2019-10-29 18:49 - 2019-10-23 09:11 - 001073872 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 001073872 _____ C:\WINDOWS\system32\vulkan-1.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000931536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000931536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000848592 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000848592 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000706256 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000706256 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000450440 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000353712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 011838808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 010163632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000825720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000677792 _____ C:\WINDOWS\system32\nvofapi64.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000545160 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 040512072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 017460128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 015028368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 005381496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 004715968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 002074312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001733504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444108.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001567664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001490864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444108.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001483184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001371040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001145856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001064368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000814592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000684992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000659888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000556464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2019-10-29 18:49 - 2019-10-23 09:08 - 035380264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:07 - 004206064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2019-10-23 14:18 - 2019-10-23 14:18 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-09 12:30 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
    2019-11-09 12:28 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-11-09 12:25 - 2019-08-21 13:53 - 000000000 ___HD C:\adobeTemp
    2019-11-09 12:25 - 2018-08-04 06:36 - 000000000 ____D C:\Program Files\Adobe
    2019-11-09 12:25 - 2018-05-18 19:09 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-11-09 12:22 - 2019-02-22 20:42 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CCB92E55-D84A-457E-B563-A5588401D966}
    2019-11-09 12:19 - 2019-09-10 14:13 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\NETGEARGenie
    2019-11-09 12:19 - 2018-08-04 06:40 - 000000000 ___RD C:\Users\Norman Norris\Creative Cloud Files
    2019-11-09 12:19 - 2018-08-04 06:18 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\Adobe
    2019-11-09 12:19 - 2018-08-03 08:18 - 000000000 ___RD C:\Users\Norman Norris\OneDrive
    2019-11-08 22:15 - 2019-02-22 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-11-08 16:43 - 2018-08-04 07:03 - 000000000 ____D C:\Program Files\Common Files\Adobe
    2019-11-08 16:43 - 2018-08-04 06:20 - 000000000 ____D C:\ProgramData\Adobe
    2019-11-08 16:43 - 2018-08-03 08:17 - 000000000 ____D C:\Users\Norman Norris\AppData\Roaming\Adobe
    2019-11-08 16:38 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-11-08 16:38 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-11-07 20:41 - 2018-08-02 16:48 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\CrashDumps
    2019-11-05 17:07 - 2019-02-22 20:46 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-11-05 17:01 - 2019-02-22 20:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-11-05 17:01 - 2018-09-02 15:27 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\D3DSCache
    2019-11-05 17:01 - 2018-08-05 06:04 - 000000000 ____D C:\ProgramData\Packages
    2019-11-05 17:00 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-11-05 17:00 - 2018-05-18 19:09 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2019-11-05 15:57 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-11-05 15:48 - 2019-05-11 12:57 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-11-05 15:48 - 2019-05-11 12:57 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-11-05 15:48 - 2018-08-09 18:51 - 000000000 ____D C:\Program Files (x86)\Google
    2019-11-04 18:15 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2019-11-04 18:15 - 2018-08-02 19:11 - 000000000 ____D C:\Program Files\Microsoft Office
    2019-10-30 17:45 - 2018-05-18 19:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2019-10-29 18:50 - 2018-05-18 19:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2019-10-28 18:36 - 2018-08-03 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-10-23 09:07 - 2019-01-15 17:33 - 004936384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2019-10-22 18:14 - 2019-02-22 20:42 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2858588385-335921699-3881707971-1001
    2019-10-22 18:14 - 2019-02-22 20:38 - 000002436 _____ C:\Users\Norman Norris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-10-22 14:56 - 2019-01-15 17:33 - 000056015 _____ C:\WINDOWS\system32\nvinfo.pb
    2019-10-22 13:10 - 2018-05-18 19:09 - 005530608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 002637152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 001768456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000655808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000451608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000083392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2019-10-22 12:37 - 2018-05-18 19:09 - 008764732 _____ C:\WINDOWS\system32\nvcoproc.bin
    2019-10-18 19:34 - 2019-10-01 21:08 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001354 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001354 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:20 - 000000000 ____D C:\Program Files (x86)\Adobe
    ==================== Files in the root of some directories ========
    2018-10-07 12:11 - 2018-10-10 19:52 - 000001456 _____ () C:\Users\Norman Norris\AppData\Local\Adobe Save for Web 13.0 Prefs
    2018-09-26 14:55 - 2018-09-26 14:55 - 000000000 _____ () C:\Users\Norman Norris\AppData\Local\oobelibMkey.log
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2019 01
    Ran by Norman Norris (09-11-2019 12:31:23)
    Running from C:\Users\Norman Norris\Desktop
    Windows 10 Home Version 1809 17763.805 (X64) (2019-02-23 01:42:18)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2858588385-335921699-3881707971-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2858588385-335921699-3881707971-503 - Limited - Disabled)
    Guest (S-1-5-21-2858588385-335921699-3881707971-501 - Limited - Disabled)
    Norman Norris (S-1-5-21-2858588385-335921699-3881707971-1001 - Administrator - Enabled) => C:\Users\Norman Norris
    WDAGUtilityAccount (S-1-5-21-2858588385-335921699-3881707971-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_3) (Version: 16.1.3 - Adobe Systems Incorporated)
    Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
    Adobe Dreamweaver 2019 (HKLM-x32\...\DRWV_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
    Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_0) (Version: 20.0 - Adobe Systems Incorporated)
    Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0) (Version: 24.0 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\LRCC_3_0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_0) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1_5) (Version: 13.1.5 - Adobe Systems Incorporated)
    Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0) (Version: 21.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)
    ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
    ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.87 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.2 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{86310f5b-bdb9-47b7-9ff9-d633944adc43}) (Version: 20.80.0.0u - Intel Corporation)
    Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12130.20272 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.60.00 - NETGEAR Inc.)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
    NVIDIA Graphics Driver 441.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.08 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.7 - ASUSTeK COMPUTER INC.)
    ZenAnywhere (HKLM\...\{F5FAC87D-741C-4891-B113-19C9725E8368}) (Version: 4.5.30 - Orbweb Inc.) Hidden
    ZenAnywhere (HKLM-x32\...\ZenAnywhere 4.5.30) (Version: 4.5.30 - Orbweb Inc.)
    Packages:
    =========
    Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-22] (Adobe Systems Incorporated)
    Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_24.1.22.6_x64__adky2gkssdxte [2019-11-07] (Adobe Systems Incorporated)
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.7.0_x64__qmba6cd70vzyy [2019-04-25] (ASUSTeK COMPUTER INC.)
    ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
    ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2018-08-02] (ASUSTeK COMPUTER INC.) [Startup Task]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1630.7.0_x86__kgqvnymyfvs32 [2019-11-04] (king.com)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
    Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra [2019-10-08] (Nordcurrent)
    Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.9.0.11_x86__h6adky7gbf63m [2019-11-07] (Gameloft.)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.31.3102.0_x86__ytsefhwckbdv6 [2019-11-04] (G5 Entertainment AB)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa [2019-11-02] (Apple Inc.) [Startup Task]
    LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-08-02] (LinkedIn)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
    Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2018-10-27] (Microsoft Platform Extensions)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Studios) [MS Ad]
    Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.13.34.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Studios)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-18] (ASUSTeK COMPUTER INC.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-02] (Netflix, Inc.)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-06-12] (Realtek Semiconductor Corp)
    Splendid -> C:\Program Files\WindowsApps\B9ECED6F.Splendid_1.0.14.0_x64__qmba6cd70vzyy [2019-04-16] (ASUSTeK COMPUTER INC.)
    WPS Office for ASUS -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice_11.2.8340.0_x86__924xes6e8q1tw [2019-11-04] (Kingsoft Office Software Corporation Limited)
    ==================== Custom CLSID (Whitelisted): ==============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2858588385-335921699-3881707971-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4D8BEBF55BC9} -> [Creative Cloud Files] => C:\Users\Norman Norris\Creative Cloud Files [2018-08-04 06:40]
    CustomCLSID: HKU\S-1-5-21-2858588385-335921699-3881707971-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ==================== Codecs (Whitelisted) ====================
    ==================== Shortcuts & WMI ========================
    ==================== Loaded Modules (Whitelisted) =============
    2016-03-02 23:17 - 2016-03-02 23:17 - 000136704 _____ () [File not signed] D:\NETGEAR Genie\bin\airprintdll.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000146944 _____ () [File not signed] D:\NETGEAR Genie\bin\DiagnoseDll.dll
    2016-01-14 21:06 - 2016-01-14 21:06 - 000057344 _____ () [File not signed] D:\NETGEAR Genie\bin\DiagnosePlugin.dll
    2016-02-22 03:25 - 2016-02-22 03:25 - 000116224 _____ () [File not signed] D:\NETGEAR Genie\bin\DragonNetTool.dll
    2015-08-24 03:41 - 2015-08-24 03:41 - 002360622 _____ () [File not signed] D:\NETGEAR Genie\bin\drivers\libntgr_api.dll
    2019-05-22 03:09 - 2019-05-22 03:09 - 000713728 _____ () [File not signed] D:\NETGEAR Genie\bin\Genie.dll
    2018-07-19 23:31 - 2018-07-19 23:31 - 000168448 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    2018-07-19 23:31 - 2018-07-19 23:31 - 000591872 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    2019-05-15 03:07 - 2019-05-15 03:07 - 006903808 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Map.dll
    2018-07-19 23:36 - 2018-07-19 23:36 - 002980352 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
    2019-05-15 03:07 - 2019-05-15 03:07 - 000967168 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    2019-04-19 01:38 - 2019-04-19 01:38 - 001259520 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    2018-11-21 20:58 - 2018-11-21 20:58 - 011973632 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    2019-05-15 03:05 - 2019-05-15 03:05 - 002683392 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    2019-05-22 04:51 - 2019-05-22 04:51 - 000278528 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    2019-05-22 03:14 - 2019-05-22 03:14 - 000888832 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Ui.dll
    2018-11-20 05:34 - 2018-11-20 05:34 - 000422400 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    2018-12-12 05:36 - 2018-12-12 05:36 - 000633344 _____ () [File not signed] D:\NETGEAR Genie\bin\InnerPlugin_Update.dll
    2018-07-19 23:33 - 2018-07-19 23:33 - 000433664 _____ () [File not signed] D:\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 000119822 _____ () [File not signed] D:\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 001026062 _____ () [File not signed] D:\NETGEAR Genie\bin\libstdc++-6.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000111616 _____ () [File not signed] D:\NETGEAR Genie\bin\libvlc.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 002285056 _____ () [File not signed] D:\NETGEAR Genie\bin\libvlccore.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000074752 _____ () [File not signed] D:\NETGEAR Genie\bin\NetcardApi.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000219648 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000049664 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000051200 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000051200 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\control\libhotkeys_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000037376 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\mmxext\libmemcpymmxext_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000070144 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
    2016-02-26 05:07 - 2016-02-26 05:07 - 000049152 _____ () [File not signed] D:\NETGEAR Genie\bin\QRCode.dll
    2016-08-15 03:28 - 2016-08-15 03:28 - 001125888 _____ () [File not signed] D:\NETGEAR Genie\bin\qwt.dll
    2019-05-22 03:13 - 2019-05-22 03:13 - 001701376 _____ () [File not signed] D:\NETGEAR Genie\bin\SvtNetworkTool.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000072192 _____ () [File not signed] D:\NETGEAR Genie\bin\SVTUtils.dll
    2016-01-14 21:23 - 2016-01-14 21:23 - 000026112 _____ () [File not signed] D:\NETGEAR Genie\bin\WSetupApiPlugin.dll
    2016-04-12 01:13 - 2016-04-12 01:13 - 000067072 _____ () [File not signed] D:\NETGEAR Genie\bin\WSetupDll.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] D:\NETGEAR Genie\bin\libwinpthread-1.dll
    2013-02-19 01:46 - 2013-02-19 01:46 - 000220160 _____ (NETGEAR Inc.) [File not signed] D:\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll
    2014-03-23 21:32 - 2014-03-23 21:32 - 000060273 _____ (Open Source Software community project) [File not signed] D:\NETGEAR Genie\bin\pthreadGC2.dll
    2013-02-10 20:35 - 2013-02-10 20:35 - 001178624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\NETGEAR Genie\bin\LIBEAY32.dll
    2013-02-10 20:35 - 2013-02-10 20:35 - 000269824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\NETGEAR Genie\bin\ssleay32.dll
    2015-10-12 14:44 - 2015-10-12 14:44 - 000033280 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qgif.dll
    2015-10-12 14:45 - 2015-10-12 14:45 - 000034816 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qico.dll
    2015-10-12 14:45 - 2015-10-12 14:45 - 000246784 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qjpeg.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000366592 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qmng.dll
    2015-10-12 14:48 - 2015-10-12 14:48 - 000028672 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qsvg.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000027648 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qtga.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000433664 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qtiff.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000027136 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qwbmp.dll
    2015-10-12 14:46 - 2015-10-12 14:46 - 001413632 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\platforms\qwindows.dll
    2015-10-12 14:47 - 2015-10-12 14:47 - 000044544 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
    2015-11-18 23:54 - 2015-11-18 23:54 - 005391360 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Core.dll
    2015-10-12 14:31 - 2015-10-12 14:31 - 005334528 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Gui.dll
    2015-10-12 14:26 - 2015-10-12 14:26 - 001528832 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Network.dll
    2015-10-12 14:42 - 2015-10-12 14:42 - 000334848 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5OpenGL.dll
    2016-04-12 21:52 - 2016-04-12 21:52 - 000357888 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5PrintSupport.dll
    2015-10-12 14:48 - 2015-10-12 14:48 - 000331776 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Svg.dll
    2015-10-12 14:37 - 2015-10-12 14:37 - 006541824 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Widgets.dll
    2015-10-12 14:25 - 2015-10-12 14:25 - 000237056 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Xml.dll
    ==================== Alternate Data Streams (Whitelisted) ========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\Users\Norman Norris\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    ==================== Safe Mode (Whitelisted) ==================
    ==================== Association (Whitelisted) =================
    ==================== Internet Explorer trusted/restricted ==========
    ==================== Hosts content: =========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
    ==================== Other Areas ===========================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    ==================== FirewallRules (Whitelisted) ================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{66179DC2-4E7B-4DBB-B37F-E6DBED776ACC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{F0DCC11D-8739-4B76-BD8B-A4D520DE9F1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{AC48F4EF-6273-475F-BCCA-AF0B5A6CC114}] => (Allow) C:\Users\Norman Norris\AppData\Local\Programs\Opera\58.0.3135.90\opera.exe No File
    FirewallRules: [{E510D59E-2902-46DC-8CC4-4BC183761734}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [TCP Query User{51D181AA-D16D-404E-B472-8778E4ED36BB}D:\netgear genie\bin\netgeargenie.exe] => (Allow) D:\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [UDP Query User{4FA92FA8-7C49-47BE-9D34-7A75E0045F79}D:\netgear genie\bin\netgeargenie.exe] => (Allow) D:\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [{055DE629-11C4-4E79-8653-C4D4D252C1EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{E8C95346-37E8-4AB7-8DCE-C33B3F19FDA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{E6190289-C08E-49E3-B4A5-F5D87D048FC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{B0120B2C-0AA1-4217-9C01-01B1F96CBBCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{5C33C0CA-9745-45FE-BC9D-30D83D9AF7D1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6CE4DFEF-4E2C-46F3-B242-0695FB289E27}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9083BAD3-8BD8-4DBC-BE74-CBD7A20294F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{47322B2E-E0AA-4AF7-AB90-DF201BF17CF4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{29ABF649-A1CB-4BFC-87F6-F22D678D9621}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{45BC80FB-F6AE-4E18-9991-A02349AA1ADC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2D80E5EC-AC21-42F3-988D-56CAAEF678F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9F719C89-849D-4E38-80C9-8C88C186232A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{BFB41692-E4D7-4F34-961B-3DEE31090535}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{67995AB4-F5B5-46B4-8EBA-B173DF6FAC64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    ==================== Restore Points =========================
    ATTENTION: System Restore is disabled (Total:118.19 GB) (Free:6.34 GB) (5%)
    ==================== Faulty Device Manager Devices ============

    ==================== Event log errors: ========================
    Application errors:
    ==================
    Error: (11/07/2019 08:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdobeNotificationClient.exe, version: 4.9.0.484, time stamp: 0x5d0b467b
    Faulting module name: AdobeNotificationClient.exe, version: 4.9.0.484, time stamp: 0x5d0b467b
    Exception code: 0x80000003
    Fault offset: 0x0000b311
    Faulting process id: 0x435c
    Faulting application start time: 0x01d595d5931faa12
    Faulting application path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Faulting module path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: dba805e2-285b-48c6-8f16-b2644106af96
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Error: (11/04/2019 06:12:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3d80
    Start Time: 01d593655ae00e62
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 962962f3-ba8e-46bb-ae57-8e0f55e194a8
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (11/03/2019 05:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
    Faulting module name: EdgeContent.dll, version: 11.0.17763.802, time stamp: 0xff258093
    Exception code: 0xc0000409
    Fault offset: 0x00000000000ae915
    Faulting process id: 0x4130
    Faulting application start time: 0x01d59256957490e3
    Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
    Faulting module path: C:\Windows\System32\EdgeContent.dll
    Report Id: 6e038b09-b69a-42b4-98d4-945d1dc988c5
    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.771.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge
    Error: (10/31/2019 07:04:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 1cfc
    Start Time: 01d59047e3df81a0
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 30787653-e52e-43f1-b885-05fb56e5fe00
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (10/27/2019 03:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
    Faulting module name: EdgeContent.dll, version: 11.0.17763.802, time stamp: 0xff258093
    Exception code: 0xc0000409
    Fault offset: 0x00000000000ae915
    Faulting process id: 0x498c
    Faulting application start time: 0x01d58ced5ea72464
    Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
    Faulting module path: C:\Windows\System32\EdgeContent.dll
    Report Id: aa0e5312-dd99-4637-84ef-1e28ac9e8de5
    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.771.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge
    Error: (10/11/2019 03:30:16 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0
    Error: (10/10/2019 03:05:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 22cc
    Start Time: 01d57fa598fc5753
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 26cbf05f-3b25-4c83-a8b1-f4e3f7c075e5
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (10/07/2019 07:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HxAccounts.exe, version: 16.0.12026.20218, time stamp: 0x5d81ddff
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.771, time stamp: 0xf9ab778e
    Exception code: 0xc000027b
    Fault offset: 0x0000000000701a52
    Faulting process id: 0x1e5c
    Faulting application start time: 0x01d57c9448725df5
    Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxAccounts.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: e5ca5a38-b79d-415b-a4ed-3b5b07204907
    Faulting package full name: microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: microsoft.windowslive.manageaccounts

    System errors:
    =============
    Error: (11/09/2019 12:19:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 12:19:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/08/2019 10:32:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5
    Error: (11/08/2019 04:38:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/08/2019 04:38:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/08/2019 03:23:12 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5
    Error: (11/07/2019 08:44:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
    Error: (11/07/2019 08:40:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Windows Defender:
    ===================================
    Date: 2019-10-29 20:35:47.407
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {AD3E6F66-5590-40B5-867D-5902F99FD695}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-29 20:26:58.917
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {417F9420-A04B-4ECB-8F22-71CDD790BFB5}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 20:12:12.779
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7C3BC34B-AF39-454E-91BE-588EBAB4A88C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 20:00:35.697
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {472895E1-776A-4189-8FAE-18708017887B}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 19:46:16.737
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {AC67BD24-CB31-4E99-9C41-13041197BD34}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    CodeIntegrity:
    ===================================
    Date: 2019-10-10 20:43:52.736
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:42:49.207
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:41:33.537
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:40:37.099
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:38:05.927
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:36:20.225
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:36:08.708
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2019-10-10 20:35:19.300
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    ==================== Memory info ===========================
    BIOS: American Megatrends Inc. ZN242GD.305 06/14/2019
    Motherboard: ASUSTeK COMPUTER INC. ZN242GD
    Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Percentage of memory in use: 41%
    Total physical RAM: 12221.31 MB
    Available physical RAM: 7151.11 MB
    Total Virtual: 14077.31 MB
    Available Virtual: 7544.71 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:6.34 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:928.98 GB) NTFS
    \\?\Volume{7272db3b-358c-4313-afcc-916498e6e2ee}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.39 GB) NTFS
    \\?\Volume{a371a069-215e-4c0e-a6f0-3b7024ed46f1}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
    ==================== MBR & Partition Table ====================
    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 9FED2F54)
    Partition: GPT.
    ==========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 41E45913)
    Partition: GPT.
    ==================== End of Addition.txt =======================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    What are the problems?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  3. norman

    norman Established Techie7 Member

    RogueKiller Anti-Malware V13.5.6.0 (x64) [Nov 7 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17763) 64 bits
    Started in : Normal mode
    User : Norman Norris [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20191108_102939, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/11/09 14:40:12 (Duration : 00:05:07)
    Switches : -refid 3
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.WebBar|PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\WebBar -- -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2858588385-335921699-3881707971-1001\Software\ProductSetup -- -> Deleted
    [PUP.SearchEncrypt (Potentially Malicious)] Search Encrypt -- gnlabkgljnlaidbnocfhgdeajcgmahml -> Deleted


    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Scan Date: 11/9/19
    Scan Time: 2:43 PM
    Log File: 3159e9d2-0329-11ea-bbb7-1831bfc69e4e.json
    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.718
    Update Package Version: 1.0.14724
    License: Free
    -System Information-
    OS: Windows 10 (Build 17763.805)
    CPU: x64
    File System: NTFS
    User: LAPTOP-62QKKGVS\Norman Norris
    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 282959
    Threats Detected: 40
    Threats Quarantined: 40
    Time Elapsed: 2 min, 28 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 0
    (No malicious items detected)
    Module: 0
    (No malicious items detected)
    Registry Key: 2
    PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASAPI32, Quarantined, 5060, 262291, 1.0.14724, , ame,
    PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASMANCS, Quarantined, 5060, 262291, 1.0.14724, , ame,
    Registry Value: 2
    PUP.Optional.Webbar, HKU\S-1-5-21-2858588385-335921699-3881707971-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|WINWB.EXE, Quarantined, 778, 613803, 1.0.14724, , ame,
    PUP.Optional.Spigot.Generic, HKU\S-1-5-21-2858588385-335921699-3881707971-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cfacibcmkcdppnkgennkfaepplpkblmp, Quarantined, 208, 530199, , , ,
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 13
    PUP.Optional.Spigot.Generic, C:\USERS\NORMAN NORRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\html\browserAction, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_locales\en, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\html\popup, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_metadata, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\js\popup, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_locales, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\newtab, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\html, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\css, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\js, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\NORMAN NORRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CFACIBCMKCDPPNKGENNKFAEPPLPKBLMP, Quarantined, 208, 530199, 1.0.14724, , ame,
    File: 23
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\000003.log, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\CURRENT, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\LOCK, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\LOG, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\LOG.old, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cfacibcmkcdppnkgennkfaepplpkblmp\MANIFEST-000001, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\NORMAN NORRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\NORMAN NORRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\NORMAN NORRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CFACIBCMKCDPPNKGENNKFAEPPLPKBLMP\1.3_0\CHROMERESTORE.JS, Quarantined, 208, 530199, 1.0.14724, , ame,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\css\browserAction.css, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\css\description.css, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\html\browserAction\browserAction.html, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\html\browserAction\description.html, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\js\userNewTab.js, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\newtab\quicknewtabpage.html, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_locales\en\messages.json, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_metadata\computed_hashes.json, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\_metadata\verified_contents.json, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\after.js, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\background.js, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\contentscript.js, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\icon.png, Quarantined, 208, 530199, , , ,
    PUP.Optional.Spigot.Generic, C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfacibcmkcdppnkgennkfaepplpkblmp\1.3_0\manifest.json, Quarantined, 208, 530199, , , ,
    Physical Sector: 0
    (No malicious items detected)
    WMI: 0
    (No malicious items detected)

    (end)


    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.2.0
    # -------------------------------
    # Build: 10-21-2019
    # Database: 2019-10-21.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 11-09-2019
    # Duration: 00:00:02
    # OS: Windows 10 Home
    # Cleaned: 16
    # Failed: 0

    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    No malicious folders cleaned.
    ***** [ Files ] *****
    No malicious files cleaned.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    No malicious registry entries cleaned.
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    Deleted Web Search...
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    ***** [ Preinstalled Software ] *****
    Deleted Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
    Deleted Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
    Deleted Preinstalled.ASUSHello Folder C:\Program Files (x86)\ASUS\ASUS HELLO
    Deleted Preinstalled.ASUSHello Folder C:\ProgramData\ASUS\ASUS HELLO
    Deleted Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C726E3C-698C-41D8-9652-1959994E643D}
    Deleted Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Hello
    Deleted Preinstalled.ASUSHello Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}
    Deleted Preinstalled.ASUSHello Task C:\Windows\System32\Tasks\ASUS HELLO
    Deleted Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
    Deleted Preinstalled.ASUSLiveUpdate Folder C:\ProgramData\ASUS\ASUS LIVE UPDATE
    Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B35BEEB-A80C-4223-B9A0-3CB48A94FC8F}
    Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
    Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
    Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
    Deleted Preinstalled.ASUSProductRegistration Folder C:\ProgramData\ASUS\APRP

    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner_Debug.log - [26814 octets] - [09/11/2019 14:50:20]
    AdwCleaner[S00].txt - [3021 octets] - [09/11/2019 14:50:38]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    When finished with Malwarebytes, there was an option to remove the infected items, so it quarantined them. Do I need to go somewhere to delete them from the quarantine?
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  5. norman

    norman Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2019 01
    Ran by Norman Norris (administrator) on LAPTOP-62QKKGVS (ASUSTeK COMPUTER INC. Zen AIO 24 ZN242GD_ZN242GD) (09-11-2019 19:43:58)
    Running from C:\Users\Norman Norris\Desktop
    Loaded Profiles: Norman Norris (Available Profiles: Norman Norris)
    Platform: Windows 10 Home Version 1809 17763.805 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
    (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsMonStartupTask64.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\ATKOSD2.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Norman Norris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net1.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
    (NETGEAR TAIWAN CO., LTD -> ) D:\NETGEAR Genie\bin\genie2_tray.exe
    (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.) D:\NETGEAR Genie\bin\NETGEARGenie.exe
    (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
    (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\Run: [NETGEARGenie] => D:\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [221184 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.87\Installer\chrmstp.exe [2019-11-05] (Google LLC -> Google LLC)
    ==================== Scheduled Tasks (Whitelisted) ============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0F9DBD9F-3579-462B-AE8A-064280549389} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [176080 2018-02-13] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
    Task: {11781D81-6239-4BDD-BD38-6CBAF072D873} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1A21379D-D515-4452-93BC-210F8D069E5A} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-62QKKGVS-Norman Norris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {231FBB30-450F-4460-9DF7-4F480100328B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {2908A6C7-DFD7-490D-8CB1-D7538928188C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {29618372-49F1-4D47-8D18-A72E152CA66E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {4F031DAF-92F7-4546-B3F9-1DC43885520E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {5B1D7177-537C-475B-8E57-7A5719FB1CFD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6217D72C-74D3-47BB-8FCF-9430702764EC} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
    Task: {6673EA1E-1711-491C-8E24-F9AB2BE9CCBA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {677409C1-1BF3-458C-A2F3-C665D3936D61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
    Task: {7E5B0A49-B366-41B8-86E8-0035397D884D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8322E433-5761-4A8E-94D6-FD793CBFA9FE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8D67E46D-31E4-4565-AAE7-15F48B84D817} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2378024 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8E837BCD-30D1-4B97-A569-F8E974A3D083} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9DE5398A-9A30-486D-89F9-AED88C050824} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A24BEDB4-0E15-4BC0-9EE3-27AEB069833B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A5AC24D8-7925-491E-9D12-C351AE35F5A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A850BCE9-BDC4-41F3-B48C-1740E1C0E90F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-11] (Google Inc -> Google LLC)
    Task: {B3EA480C-5B16-461B-9F1B-729BC44169AB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156504 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D1EF52E5-AE90-4B25-A35D-3BC87E1EB4DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367496 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D9D621B0-F2DC-4DEA-8A03-DF542AA5A631} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {DCEE6A8D-7BB4-4230-8E55-AFFCE625085B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2169960 2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E3FD1104-B799-4221-BE42-F83A0396A1DC} - System32\Tasks\Opera scheduled Autoupdate 1552439915 => C:\Users\Norman Norris\AppData\Local\Programs\Opera\launcher.exe
    Task: {EFC803C8-F435-4D76-A834-DA8297E64BBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F211B5BB-1642-436D-8AF1-BC81536EED07} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {F6FA239D-4AAF-41E1-872E-EE2F80D51F39} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [35096632 2019-11-07] (Adlice -> )
    Task: {FBA86FFE-86CF-4531-BE1F-199E8AE230DE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FE0193A2-BF46-4DE1-B2F6-FC8F40A444B2} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{974da473-8be5-409a-8552-d8500e9b8bdb}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131969135319015822&GUID=B94ABDC1-D9BA-4BA3-A3B9-EB24535A7D14
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-2858588385-335921699-3881707971-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2858588385-335921699-3881707971-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Edge:
    ======
    DownloadDir: D:\Downloads
    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-28] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.msn.com/"
    CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> se
    CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
    CHR Notifications: Default -> hxxps://search.hearthandsatellitemaps.com; hxxps://www.youtube.com
    CHR Profile: C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default [2019-05-12]
    CHR Extension: (Slides) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-11]
    CHR Extension: (Docs) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-11]
    CHR Extension: (Google Drive) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-11]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-05-11]
    CHR Extension: (YouTube) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-11]
    CHR Extension: (Sheets) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-11]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-05-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-11]
    CHR Extension: (Avast Online Security) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-11]
    CHR Extension: (Gmail) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Norman Norris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-11]
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe [171912 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe [202120 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642744 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
    R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1646120 2018-02-04] (Intel(R) pGFX -> Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [539024 2019-03-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [767184 2018-06-11] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [727224 2018-06-11] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\WINDOWS\System32\jhi_service.exe [576560 2018-06-27] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] (Intel Corporation -> )
    S3 NETGEARGenieDaemon; D:\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (Netgear Incorporated -> NETGEAR)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 ZenAnywhere; C:\Program Files\Orbweb Inc\ZenAnywhere\ZenAnywhere.exe [154560 2018-02-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    S3 ZenAnywhere Updater; C:\Program Files\Orbweb Inc\ZenAnywhere\updater.exe [154560 2018-02-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    S3 ZenAnywhereNetworkService; C:\Program Files\Orbweb Inc\ZenAnywhere\bin\ZenAnywhereNetworkService.exe [67520 2017-04-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel Corporation -> Intel® Corporation)
    S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109008 2017-10-17] (Alcor Micro, Corp. -> )
    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\atkwmiacpi64.sys [30600 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [76696 2017-10-27] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [70040 2017-10-27] (Intel Corporation -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [399264 2017-10-27] (Intel Corporation -> Intel Corporation)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 ibtusb; C:\WINDOWS\System32\drivers\ibtusb.sys [198168 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-09] (Malwarebytes Inc -> Malwarebytes)
    R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8743448 2018-04-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2019-09-10] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_32392337f3ae9e64\nvlddmkm.sys [22738296 2019-10-23] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 RealWoW60; C:\WINDOWS\system32\DRIVERS\RealWoW60.sys [39432 2017-04-07] (Realtek Semiconductor Corp. -> Realtek semiconductor corp)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-19] (Realtek Semiconductor Corp. -> Realtek )
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-11-09] (Adlice -> )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One month (created) ===================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-09 14:52 - 2019-11-09 14:52 - 000248480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-11-09 14:51 - 2019-11-09 14:51 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-11-09 14:50 - 2019-11-09 14:51 - 000000000 ____D C:\AdwCleaner
    2019-11-09 14:48 - 2019-11-09 14:48 - 000008825 _____ C:\Users\Norman Norris\Desktop\Malwarebytes.txt
    2019-11-09 14:43 - 2019-11-09 14:43 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-11-09 14:43 - 2019-11-09 14:43 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2019-11-09 14:43 - 2019-11-09 14:43 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\mbamtray
    2019-11-09 14:43 - 2019-11-09 14:43 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\mbam
    2019-11-09 14:43 - 2019-11-09 14:43 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\cache
    2019-11-09 14:43 - 2019-11-09 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-11-09 14:43 - 2019-11-09 14:42 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-11-09 14:42 - 2019-11-09 14:42 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-11-09 14:42 - 2019-11-09 14:42 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-11-09 14:42 - 2019-11-09 14:42 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-11-09 14:34 - 2019-11-09 14:34 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-11-09 14:33 - 2019-11-09 14:33 - 000003172 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
    2019-11-09 14:33 - 2019-11-09 14:33 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-11-09 14:32 - 2019-11-09 14:32 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-11-09 14:32 - 2019-11-09 14:32 - 000000901 _____ C:\ProgramData\Desktop\RogueKiller.lnk
    2019-11-09 14:32 - 2019-11-09 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-11-09 14:32 - 2019-11-09 14:32 - 000000000 ____D C:\Program Files\RogueKiller
    2019-11-09 14:30 - 2019-11-09 14:30 - 007622344 _____ (Malwarebytes) C:\Users\Norman Norris\Desktop\AdwCleaner.exe
    2019-11-09 12:31 - 2019-11-09 12:40 - 000042520 _____ C:\Users\Norman Norris\Desktop\Addition.txt
    2019-11-09 12:30 - 2019-11-09 19:44 - 000031609 _____ C:\Users\Norman Norris\Desktop\FRST.txt
    2019-11-09 12:30 - 2019-11-09 19:44 - 000000000 ____D C:\FRST
    2019-11-09 12:29 - 2019-11-09 12:29 - 002259968 _____ (Farbar) C:\Users\Norman Norris\Desktop\FRST64.exe
    2019-11-09 12:25 - 2019-11-09 12:25 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
    2019-11-09 12:22 - 2019-11-09 12:22 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
    2019-11-09 12:19 - 2019-11-09 12:19 - 000000000 ___HD C:\OneDriveTemp
    2019-11-08 16:48 - 2019-11-08 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon
    2019-11-08 16:47 - 2019-11-08 16:48 - 000000000 ____D C:\Program Files\Maxon Cinema 4D R21
    2019-11-08 16:46 - 2019-11-08 16:46 - 000001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
    2019-11-08 16:43 - 2019-11-08 16:43 - 000001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
    2019-11-07 20:50 - 2019-11-07 20:50 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver 2020.lnk
    2019-11-07 20:46 - 2019-11-07 20:46 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
    2019-11-07 20:46 - 2019-11-07 20:46 - 000001040 _____ C:\Users\Norman Norris\Desktop\Lightroom.lnk
    2019-11-07 20:43 - 2019-11-07 20:43 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk
    2019-11-05 17:01 - 2019-11-05 17:01 - 000000000 ____D C:\WINDOWS\Panther
    2019-10-29 18:49 - 2019-10-23 09:11 - 001073872 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 001073872 _____ C:\WINDOWS\system32\vulkan-1.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000931536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000931536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000848592 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000848592 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000706256 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000706256 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2019-10-29 18:49 - 2019-10-23 09:11 - 000450440 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2019-10-29 18:49 - 2019-10-23 09:11 - 000353712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 011838808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 010163632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000825720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000677792 _____ C:\WINDOWS\system32\nvofapi64.dll
    2019-10-29 18:49 - 2019-10-23 09:10 - 000545160 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 040512072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 017460128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 015028368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 005381496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 004715968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 002074312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001733504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444108.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001567664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001490864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444108.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001483184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001371040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001145856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 001064368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000814592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000684992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000659888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2019-10-29 18:49 - 2019-10-23 09:09 - 000556464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2019-10-29 18:49 - 2019-10-23 09:08 - 035380264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2019-10-29 18:49 - 2019-10-23 09:07 - 004206064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2019-10-23 14:18 - 2019-10-23 14:18 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-09 19:41 - 2019-02-22 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-11-09 19:41 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-11-09 19:00 - 2019-02-22 20:42 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CCB92E55-D84A-457E-B563-A5588401D966}
    2019-11-09 14:58 - 2019-02-22 20:46 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-11-09 14:58 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
    2019-11-09 14:54 - 2018-05-18 19:09 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-11-09 14:52 - 2019-09-10 14:13 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\NETGEARGenie
    2019-11-09 14:52 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-11-09 14:52 - 2018-08-04 06:40 - 000000000 ___RD C:\Users\Norman Norris\Creative Cloud Files
    2019-11-09 14:52 - 2018-08-04 06:18 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\Adobe
    2019-11-09 14:52 - 2018-08-03 08:18 - 000000000 ___RD C:\Users\Norman Norris\OneDrive
    2019-11-09 14:52 - 2018-05-18 19:12 - 000000000 ____D C:\ProgramData\ASUS
    2019-11-09 14:51 - 2019-02-22 20:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-11-09 14:51 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-11-09 14:51 - 2017-11-24 23:31 - 000000000 ____D C:\Program Files (x86)\ASUS
    2019-11-09 14:43 - 2018-09-15 02:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-11-09 13:06 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-11-09 12:25 - 2019-08-21 13:53 - 000000000 ___HD C:\adobeTemp
    2019-11-09 12:25 - 2018-08-04 06:36 - 000000000 ____D C:\Program Files\Adobe
    2019-11-08 16:43 - 2018-08-04 07:03 - 000000000 ____D C:\Program Files\Common Files\Adobe
    2019-11-08 16:43 - 2018-08-04 06:20 - 000000000 ____D C:\ProgramData\Adobe
    2019-11-08 16:43 - 2018-08-03 08:17 - 000000000 ____D C:\Users\Norman Norris\AppData\Roaming\Adobe
    2019-11-07 20:41 - 2018-08-02 16:48 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\CrashDumps
    2019-11-05 17:01 - 2018-09-02 15:27 - 000000000 ____D C:\Users\Norman Norris\AppData\Local\D3DSCache
    2019-11-05 17:01 - 2018-08-05 06:04 - 000000000 ____D C:\ProgramData\Packages
    2019-11-05 17:00 - 2018-05-18 19:09 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2019-11-05 15:57 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-11-05 15:54 - 2019-05-11 12:57 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-11-05 15:48 - 2019-05-11 12:57 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-11-05 15:48 - 2019-05-11 12:57 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-11-05 15:48 - 2018-08-09 18:51 - 000000000 ____D C:\Program Files (x86)\Google
    2019-11-04 18:15 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2019-11-04 18:15 - 2018-08-02 19:11 - 000000000 ____D C:\Program Files\Microsoft Office
    2019-10-30 17:45 - 2018-05-18 19:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2019-10-29 18:50 - 2018-05-18 19:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2019-10-28 18:36 - 2018-08-03 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-10-23 09:07 - 2019-01-15 17:33 - 004936384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2019-10-22 18:14 - 2019-02-22 20:42 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2858588385-335921699-3881707971-1001
    2019-10-22 18:14 - 2019-02-22 20:38 - 000002436 _____ C:\Users\Norman Norris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-10-22 14:56 - 2019-01-15 17:33 - 000056015 _____ C:\WINDOWS\system32\nvinfo.pb
    2019-10-22 13:10 - 2018-05-18 19:09 - 005530608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 002637152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 001768456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000655808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000451608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2019-10-22 13:10 - 2018-05-18 19:09 - 000083392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2019-10-22 12:37 - 2018-05-18 19:09 - 008764732 _____ C:\WINDOWS\system32\nvcoproc.bin
    2019-10-18 19:34 - 2019-10-01 21:08 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001354 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:28 - 000001354 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
    2019-10-10 15:04 - 2018-08-04 06:20 - 000000000 ____D C:\Program Files (x86)\Adobe
    ==================== Files in the root of some directories ========
    2018-10-07 12:11 - 2018-10-10 19:52 - 000001456 _____ () C:\Users\Norman Norris\AppData\Local\Adobe Save for Web 13.0 Prefs
    2018-09-26 14:55 - 2018-09-26 14:55 - 000000000 _____ () C:\Users\Norman Norris\AppData\Local\oobelibMkey.log
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2019 01
    Ran by Norman Norris (09-11-2019 19:44:40)
    Running from C:\Users\Norman Norris\Desktop
    Windows 10 Home Version 1809 17763.805 (X64) (2019-02-23 01:42:18)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2858588385-335921699-3881707971-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2858588385-335921699-3881707971-503 - Limited - Disabled)
    Guest (S-1-5-21-2858588385-335921699-3881707971-501 - Limited - Disabled)
    Norman Norris (S-1-5-21-2858588385-335921699-3881707971-1001 - Administrator - Enabled) => C:\Users\Norman Norris
    WDAGUtilityAccount (S-1-5-21-2858588385-335921699-3881707971-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_3) (Version: 16.1.3 - Adobe Systems Incorporated)
    Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
    Adobe Dreamweaver 2019 (HKLM-x32\...\DRWV_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
    Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_0) (Version: 20.0 - Adobe Systems Incorporated)
    Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0) (Version: 24.0 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\LRCC_3_0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_0) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1_5) (Version: 13.1.5 - Adobe Systems Incorporated)
    Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0) (Version: 21.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.87 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.2 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{86310f5b-bdb9-47b7-9ff9-d633944adc43}) (Version: 20.80.0.0u - Intel Corporation)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12130.20272 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2858588385-335921699-3881707971-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.60.00 - NETGEAR Inc.)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
    NVIDIA Graphics Driver 441.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.08 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden
    RogueKiller version 13.5.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.6.0 - Adlice Software)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.7 - ASUSTeK COMPUTER INC.)
    ZenAnywhere (HKLM\...\{F5FAC87D-741C-4891-B113-19C9725E8368}) (Version: 4.5.30 - Orbweb Inc.) Hidden
    ZenAnywhere (HKLM-x32\...\ZenAnywhere 4.5.30) (Version: 4.5.30 - Orbweb Inc.)
    Packages:
    =========
    Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-22] (Adobe Systems Incorporated)
    Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_24.1.22.6_x64__adky2gkssdxte [2019-11-07] (Adobe Systems Incorporated)
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.7.0_x64__qmba6cd70vzyy [2019-04-25] (ASUSTeK COMPUTER INC.)
    ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
    ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2018-08-02] (ASUSTeK COMPUTER INC.) [Startup Task]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1630.7.0_x86__kgqvnymyfvs32 [2019-11-04] (king.com)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
    Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra [2019-10-08] (Nordcurrent)
    Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.9.0.11_x86__h6adky7gbf63m [2019-11-07] (Gameloft.)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.31.3102.0_x86__ytsefhwckbdv6 [2019-11-04] (G5 Entertainment AB)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa [2019-11-02] (Apple Inc.) [Startup Task]
    LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-08-02] (LinkedIn)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
    Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2018-10-27] (Microsoft Platform Extensions)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-09] (Microsoft Studios) [MS Ad]
    Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.13.34.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Studios)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-18] (ASUSTeK COMPUTER INC.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-02] (Netflix, Inc.)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-06-12] (Realtek Semiconductor Corp)
    Splendid -> C:\Program Files\WindowsApps\B9ECED6F.Splendid_1.0.14.0_x64__qmba6cd70vzyy [2019-04-16] (ASUSTeK COMPUTER INC.)
    WPS Office for ASUS -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice_11.2.8340.0_x86__924xes6e8q1tw [2019-11-04] (Kingsoft Office Software Corporation Limited)
    ==================== Custom CLSID (Whitelisted): ==============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2858588385-335921699-3881707971-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4D8BEBF55BC9} -> [Creative Cloud Files] => C:\Users\Norman Norris\Creative Cloud Files [2018-08-04 06:40]
    CustomCLSID: HKU\S-1-5-21-2858588385-335921699-3881707971-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-09] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-09] (Malwarebytes Corporation -> Malwarebytes)
    ==================== Codecs (Whitelisted) ====================
    ==================== Shortcuts & WMI ========================
    ==================== Loaded Modules (Whitelisted) =============
    2016-03-02 23:17 - 2016-03-02 23:17 - 000136704 _____ () [File not signed] D:\NETGEAR Genie\bin\airprintdll.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000146944 _____ () [File not signed] D:\NETGEAR Genie\bin\DiagnoseDll.dll
    2016-01-14 21:06 - 2016-01-14 21:06 - 000057344 _____ () [File not signed] D:\NETGEAR Genie\bin\DiagnosePlugin.dll
    2016-02-22 03:25 - 2016-02-22 03:25 - 000116224 _____ () [File not signed] D:\NETGEAR Genie\bin\DragonNetTool.dll
    2015-08-24 03:41 - 2015-08-24 03:41 - 002360622 _____ () [File not signed] D:\NETGEAR Genie\bin\drivers\libntgr_api.dll
    2019-05-22 03:09 - 2019-05-22 03:09 - 000713728 _____ () [File not signed] D:\NETGEAR Genie\bin\Genie.dll
    2018-07-19 23:31 - 2018-07-19 23:31 - 000168448 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    2018-07-19 23:31 - 2018-07-19 23:31 - 000591872 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    2019-05-15 03:07 - 2019-05-15 03:07 - 006903808 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Map.dll
    2018-07-19 23:36 - 2018-07-19 23:36 - 002980352 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
    2019-05-15 03:07 - 2019-05-15 03:07 - 000967168 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    2019-04-19 01:38 - 2019-04-19 01:38 - 001259520 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    2018-11-21 20:58 - 2018-11-21 20:58 - 011973632 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    2019-05-15 03:05 - 2019-05-15 03:05 - 002683392 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    2019-05-22 04:51 - 2019-05-22 04:51 - 000278528 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    2019-05-22 03:14 - 2019-05-22 03:14 - 000888832 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Ui.dll
    2018-11-20 05:34 - 2018-11-20 05:34 - 000422400 _____ () [File not signed] D:\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    2018-12-12 05:36 - 2018-12-12 05:36 - 000633344 _____ () [File not signed] D:\NETGEAR Genie\bin\InnerPlugin_Update.dll
    2018-07-19 23:33 - 2018-07-19 23:33 - 000433664 _____ () [File not signed] D:\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 000119822 _____ () [File not signed] D:\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 001026062 _____ () [File not signed] D:\NETGEAR Genie\bin\libstdc++-6.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000111616 _____ () [File not signed] D:\NETGEAR Genie\bin\libvlc.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 002285056 _____ () [File not signed] D:\NETGEAR Genie\bin\libvlccore.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000074752 _____ () [File not signed] D:\NETGEAR Genie\bin\NetcardApi.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000219648 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000049664 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000051200 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000051200 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\control\libhotkeys_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000037376 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\mmxext\libmemcpymmxext_plugin.dll
    2012-06-27 17:23 - 2012-06-27 17:23 - 000070144 _____ () [File not signed] D:\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
    2016-02-26 05:07 - 2016-02-26 05:07 - 000049152 _____ () [File not signed] D:\NETGEAR Genie\bin\QRCode.dll
    2016-08-15 03:28 - 2016-08-15 03:28 - 001125888 _____ () [File not signed] D:\NETGEAR Genie\bin\qwt.dll
    2019-05-22 03:13 - 2019-05-22 03:13 - 001701376 _____ () [File not signed] D:\NETGEAR Genie\bin\SvtNetworkTool.dll
    2016-03-02 23:17 - 2016-03-02 23:17 - 000072192 _____ () [File not signed] D:\NETGEAR Genie\bin\SVTUtils.dll
    2016-01-14 21:23 - 2016-01-14 21:23 - 000026112 _____ () [File not signed] D:\NETGEAR Genie\bin\WSetupApiPlugin.dll
    2016-04-12 01:13 - 2016-04-12 01:13 - 000067072 _____ () [File not signed] D:\NETGEAR Genie\bin\WSetupDll.dll
    2014-12-21 11:07 - 2014-12-21 11:07 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] D:\NETGEAR Genie\bin\libwinpthread-1.dll
    2013-02-19 01:46 - 2013-02-19 01:46 - 000220160 _____ (NETGEAR Inc.) [File not signed] D:\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll
    2014-03-23 21:32 - 2014-03-23 21:32 - 000060273 _____ (Open Source Software community project) [File not signed] D:\NETGEAR Genie\bin\pthreadGC2.dll
    2013-02-10 20:35 - 2013-02-10 20:35 - 001178624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\NETGEAR Genie\bin\LIBEAY32.dll
    2013-02-10 20:35 - 2013-02-10 20:35 - 000269824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\NETGEAR Genie\bin\ssleay32.dll
    2015-10-12 14:44 - 2015-10-12 14:44 - 000033280 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qgif.dll
    2015-10-12 14:45 - 2015-10-12 14:45 - 000034816 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qico.dll
    2015-10-12 14:45 - 2015-10-12 14:45 - 000246784 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qjpeg.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000366592 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qmng.dll
    2015-10-12 14:48 - 2015-10-12 14:48 - 000028672 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qsvg.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000027648 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qtga.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000433664 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qtiff.dll
    2015-10-12 14:58 - 2015-10-12 14:58 - 000027136 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\imageformats\qwbmp.dll
    2015-10-12 14:46 - 2015-10-12 14:46 - 001413632 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\platforms\qwindows.dll
    2015-10-12 14:47 - 2015-10-12 14:47 - 000044544 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
    2015-11-18 23:54 - 2015-11-18 23:54 - 005391360 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Core.dll
    2015-10-12 14:31 - 2015-10-12 14:31 - 005334528 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Gui.dll
    2015-10-12 14:26 - 2015-10-12 14:26 - 001528832 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Network.dll
    2015-10-12 14:42 - 2015-10-12 14:42 - 000334848 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5OpenGL.dll
    2016-04-12 21:52 - 2016-04-12 21:52 - 000357888 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5PrintSupport.dll
    2015-10-12 14:48 - 2015-10-12 14:48 - 000331776 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Svg.dll
    2015-10-12 14:37 - 2015-10-12 14:37 - 006541824 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Widgets.dll
    2015-10-12 14:25 - 2015-10-12 14:25 - 000237056 _____ (The Qt Company Ltd) [File not signed] D:\NETGEAR Genie\bin\Qt5Xml.dll
    ==================== Alternate Data Streams (Whitelisted) ========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\Users\Norman Norris\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    ==================== Safe Mode (Whitelisted) ==================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) =================
    ==================== Internet Explorer trusted/restricted ==========
    ==================== Hosts content: =========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
    ==================== Other Areas ===========================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-2858588385-335921699-3881707971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    ==================== FirewallRules (Whitelisted) ================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{66179DC2-4E7B-4DBB-B37F-E6DBED776ACC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{F0DCC11D-8739-4B76-BD8B-A4D520DE9F1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{AC48F4EF-6273-475F-BCCA-AF0B5A6CC114}] => (Allow) C:\Users\Norman Norris\AppData\Local\Programs\Opera\58.0.3135.90\opera.exe No File
    FirewallRules: [{E510D59E-2902-46DC-8CC4-4BC183761734}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [TCP Query User{51D181AA-D16D-404E-B472-8778E4ED36BB}D:\netgear genie\bin\netgeargenie.exe] => (Allow) D:\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [UDP Query User{4FA92FA8-7C49-47BE-9D34-7A75E0045F79}D:\netgear genie\bin\netgeargenie.exe] => (Allow) D:\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    FirewallRules: [{055DE629-11C4-4E79-8653-C4D4D252C1EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{E8C95346-37E8-4AB7-8DCE-C33B3F19FDA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{E6190289-C08E-49E3-B4A5-F5D87D048FC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{B0120B2C-0AA1-4217-9C01-01B1F96CBBCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{5C33C0CA-9745-45FE-BC9D-30D83D9AF7D1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6CE4DFEF-4E2C-46F3-B242-0695FB289E27}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9083BAD3-8BD8-4DBC-BE74-CBD7A20294F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{47322B2E-E0AA-4AF7-AB90-DF201BF17CF4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{29ABF649-A1CB-4BFC-87F6-F22D678D9621}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{45BC80FB-F6AE-4E18-9991-A02349AA1ADC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2D80E5EC-AC21-42F3-988D-56CAAEF678F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9F719C89-849D-4E38-80C9-8C88C186232A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{BFB41692-E4D7-4F34-961B-3DEE31090535}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{67995AB4-F5B5-46B4-8EBA-B173DF6FAC64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    ==================== Restore Points =========================
    ATTENTION: System Restore is disabled (Total:118.19 GB) (Free:5.15 GB) (4%)
    ==================== Faulty Device Manager Devices ============

    ==================== Event log errors: ========================
    Application errors:
    ==================
    Error: (11/07/2019 08:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AdobeNotificationClient.exe, version: 4.9.0.484, time stamp: 0x5d0b467b
    Faulting module name: AdobeNotificationClient.exe, version: 4.9.0.484, time stamp: 0x5d0b467b
    Exception code: 0x80000003
    Fault offset: 0x0000b311
    Faulting process id: 0x435c
    Faulting application start time: 0x01d595d5931faa12
    Faulting application path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Faulting module path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: dba805e2-285b-48c6-8f16-b2644106af96
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Error: (11/04/2019 06:12:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3d80
    Start Time: 01d593655ae00e62
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 962962f3-ba8e-46bb-ae57-8e0f55e194a8
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (11/03/2019 05:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
    Faulting module name: EdgeContent.dll, version: 11.0.17763.802, time stamp: 0xff258093
    Exception code: 0xc0000409
    Fault offset: 0x00000000000ae915
    Faulting process id: 0x4130
    Faulting application start time: 0x01d59256957490e3
    Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
    Faulting module path: C:\Windows\System32\EdgeContent.dll
    Report Id: 6e038b09-b69a-42b4-98d4-945d1dc988c5
    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.771.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge
    Error: (10/31/2019 07:04:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 1cfc
    Start Time: 01d59047e3df81a0
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 30787653-e52e-43f1-b885-05fb56e5fe00
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (10/27/2019 03:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
    Faulting module name: EdgeContent.dll, version: 11.0.17763.802, time stamp: 0xff258093
    Exception code: 0xc0000409
    Fault offset: 0x00000000000ae915
    Faulting process id: 0x498c
    Faulting application start time: 0x01d58ced5ea72464
    Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
    Faulting module path: C:\Windows\System32\EdgeContent.dll
    Report Id: aa0e5312-dd99-4637-84ef-1e28ac9e8de5
    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.771.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge
    Error: (10/11/2019 03:30:16 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0
    Error: (10/10/2019 03:05:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 22cc
    Start Time: 01d57fa598fc5753
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
    Report Id: 26cbf05f-3b25-4c83-a8b1-f4e3f7c075e5
    Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (10/07/2019 07:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HxAccounts.exe, version: 16.0.12026.20218, time stamp: 0x5d81ddff
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.771, time stamp: 0xf9ab778e
    Exception code: 0xc000027b
    Fault offset: 0x0000000000701a52
    Faulting process id: 0x1e5c
    Faulting application start time: 0x01d57c9448725df5
    Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxAccounts.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: e5ca5a38-b79d-415b-a4ed-3b5b07204907
    Faulting package full name: microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: microsoft.windowslive.manageaccounts

    System errors:
    =============
    Error: (11/09/2019 02:53:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:53:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:53:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.SecurityAppBroker
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:52:40 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-62QKKGVS)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-62QKKGVS\Norman Norris SID (S-1-5-21-2858588385-335921699-3881707971-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:52:39 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-62QKKGVS)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-62QKKGVS\Norman Norris SID (S-1-5-21-2858588385-335921699-3881707971-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:52:39 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-62QKKGVS)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-62QKKGVS\Norman Norris SID (S-1-5-21-2858588385-335921699-3881707971-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:52:39 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-62QKKGVS)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-62QKKGVS\Norman Norris SID (S-1-5-21-2858588385-335921699-3881707971-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/09/2019 02:52:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Windows Defender:
    ===================================
    Date: 2019-10-29 20:35:47.407
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {AD3E6F66-5590-40B5-867D-5902F99FD695}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-29 20:26:58.917
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {417F9420-A04B-4ECB-8F22-71CDD790BFB5}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 20:12:12.779
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7C3BC34B-AF39-454E-91BE-588EBAB4A88C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 20:00:35.697
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {472895E1-776A-4189-8FAE-18708017887B}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-04 19:46:16.737
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {AC67BD24-CB31-4E99-9C41-13041197BD34}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    CodeIntegrity:
    ===================================
    Date: 2019-11-09 14:43:50.820
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:50.815
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:50.811
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:50.806
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:50.782
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:40.749
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-11-09 14:43:40.501
    Description:
    Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
    Date: 2019-10-10 20:43:52.736
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system.
    ==================== Memory info ===========================
    BIOS: American Megatrends Inc. ZN242GD.305 06/14/2019
    Motherboard: ASUSTeK COMPUTER INC. ZN242GD
    Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Percentage of memory in use: 36%
    Total physical RAM: 12221.31 MB
    Available physical RAM: 7706.12 MB
    Total Virtual: 14077.31 MB
    Available Virtual: 8255.86 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:5.15 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:930.79 GB) NTFS
    Drive e: () (Removable) (Total:14.83 GB) (Free:14.82 GB) FAT32
    \\?\Volume{7272db3b-358c-4313-afcc-916498e6e2ee}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.39 GB) NTFS
    \\?\Volume{a371a069-215e-4c0e-a6f0-3b7024ed46f1}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
    ==================== MBR & Partition Table ====================
    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 9FED2F54)
    Partition: GPT.
    ==========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 41E45913)
    Partition: GPT.
    ==========================================================
    Disk: 2 (Size: 14.8 GB) (Disk ID: F7FD6F42)
    Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)
    ==================== End of Addition.txt =======================
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  7. norman

    norman Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2019 01
    Ran by Norman Norris (10-11-2019 11:35:57) Run:1
    Running from C:\Users\Norman Norris\Desktop
    Loaded Profiles: Norman Norris (Available Profiles: Norman Norris)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
    2018-10-07 12:11 - 2018-10-10 19:52 - 000001456 _____ () C:\Users\Norman Norris\AppData\Local\Adobe Save for Web 13.0 Prefs
    2018-09-26 14:55 - 2018-09-26 14:55 - 000000000 _____ () C:\Users\Norman Norris\AppData\Local\oobelibMkey.log
    AlternateDataStreams: C:\Users\Norman Norris\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    FirewallRules: [{AC48F4EF-6273-475F-BCCA-AF0B5A6CC114}] => (Allow) C:\Users\Norman Norris\AppData\Local\Programs\Opera\58.0.3135.90\opera.exe No File
    *****************
    HKLM\System\CurrentControlSet\Services\DevActSvc => removed successfully
    DevActSvc => service removed successfully
    C:\Users\Norman Norris\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
    C:\Users\Norman Norris\AppData\Local\oobelibMkey.log => moved successfully
    C:\Users\Norman Norris\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC48F4EF-6273-475F-BCCA-AF0B5A6CC114}" => removed successfully
    ==== End of Fixlog 11:35:57 ====
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  9. norman

    norman Established Techie7 Member

    Okay, thank you I will get them done shortly.
     
  10. norman

    norman Established Techie7 Member

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (78.0.3904.97)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 27-01-2016
    Ran by Norman Norris (administrator) on 12-11-2019 at 19:00:07
    Running from "C:\Users\Norman Norris\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Policy:
    ========================

    Security Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****

    On the last scan, there weren't any threats to report.
     
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    10. Please, let me know, how your computer is doing.
     
  12. norman

    norman Established Techie7 Member

    Thank you so much! Was there any major infection? Curious, because I was getting this page that would pop up telling me to call Microsoft because my computer was infected.
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I didn't see anything serious.
    In what browser did you get that fake popup?
     
  14. norman

    norman Established Techie7 Member

  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  16. norman

    norman Established Techie7 Member

    I did all that and today when I got home and opened Edge this is what I keep getting:


    upload_2019-11-15_15-5-52.png
     
  17. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    What's the web page you're on?
    Pages like this happen and it doesn't have anything to do with any infection.
     
  18. norman

    norman Established Techie7 Member

  19. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Let's try to reset your router.

    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer.
     
  20. norman

    norman Established Techie7 Member

    Everything seems to be working well. If I get that message, just ignore it then? If so, thanks for your time and work. Have a great holiday Broni!!!