Pending OP Response Dell xps Studio desktop infected?


celia

PCHF Member
Aug 28, 2016
Hoping you can help me here, PC is not running the way it should. Am I infected?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by Celia (administrator) on DESKTOP-6U06PFH (26-01-2019 20:22:11)
Running from C:\Users\Celia\Downloads
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.285.230.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\Run: [AppMaster] => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{674e49ce-200b-4b55-8217-8b03bd2c3b70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{975a2eb8-aa71-4366-b7ae-2e2c0255d4b6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-763389062-386558237-392076011-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-07] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: m8wcgitb.default
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\m8wcgitb.default [2019-01-26]
FF Homepage: Mozilla\Firefox\Profiles\m8wcgitb.default -> hxxps://www.google.com/search?client=firefox-b-1-ab&q=
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-05]
CHR Extension: (Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-05]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-16]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-05]
CHR Extension: (Sheets) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7978296 2018-03-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 20:18 - 2019-01-26 20:21 - 000021481 _____ C:\Users\Celia\Downloads\Addition.txt
2019-01-26 20:15 - 2019-01-26 20:23 - 000011930 _____ C:\Users\Celia\Downloads\FRST.txt
2019-01-26 20:15 - 2019-01-26 20:22 - 000000000 ____D C:\FRST
2019-01-26 20:12 - 2019-01-26 20:12 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64.exe
2019-01-26 20:03 - 2019-01-26 20:03 - 000000000 ____D C:\Program Files (x86)\ASUS USB-AC53 Nano USB Wireless adapter Driver
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:41 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2019-01-26 20:03 - 2018-03-21 22:57 - 007978296 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2019-01-26 20:03 - 2018-03-21 22:57 - 000011040 _____ C:\WINDOWS\system32\Drivers\TXPWR_LMT.txt
2019-01-26 20:03 - 2018-03-21 22:57 - 000004626 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2019-01-26 18:43 - 2011-07-22 10:33 - 000025056 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2019-01-26 17:52 - 2019-01-26 17:56 - 036524491 _____ C:\Users\Celia\Downloads\WNA3100 Software Version 2.0.zip
2019-01-26 17:18 - 2019-01-26 17:20 - 000000000 ____D C:\AdwCleaner
2019-01-26 17:17 - 2019-01-26 17:17 - 007320272 _____ (Malwarebytes) C:\Users\Celia\Downloads\adwcleaner_7.2.6.0.exe
2019-01-19 11:55 - 2019-01-19 11:56 - 000048640 _____ C:\Users\Celia\Documents\RE The certificate of title from the NYS DMV . . . .msg
2019-01-16 05:19 - 2019-01-16 05:19 - 001202680 _____ (Adobe Systems Incorporated) C:\Users\Celia\Downloads\readerdc_en_xa_crd_install.exe
2019-01-11 16:08 - 2019-01-11 16:10 - 000582584 _____ C:\Users\Celia\Downloads\personal_abstract.pdf
2019-01-08 13:51 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 13:51 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 13:51 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 13:51 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 13:51 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 13:51 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 13:51 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 13:50 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 13:50 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 13:50 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 13:50 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 13:50 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 13:50 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 13:50 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 09:40 - 2019-01-08 09:40 - 000000000 ____D C:\Users\Celia\Desktop\CPR PERSOnal
2019-01-08 07:34 - 2019-01-08 07:34 - 000036864 _____ C:\Users\Celia\Documents\RE Three.msg
2019-01-03 12:48 - 2019-01-26 20:09 - 000000000 ____D C:\Users\Celia\AppData\LocalLow\Mozilla
2019-01-03 12:48 - 2019-01-03 12:48 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Mozilla
2019-01-03 12:47 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-03 12:47 - 2019-01-10 20:54 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-03 12:47 - 2019-01-03 12:55 - 000000000 ____D C:\Users\Celia\AppData\Local\Mozilla
2019-01-03 12:47 - 2019-01-03 12:47 - 000001214 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-01-03 12:46 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-03 12:45 - 2019-01-03 12:45 - 000320032 _____ (Mozilla) C:\Users\Celia\Downloads\Firefox Installer.exe
2019-01-03 12:05 - 2019-01-03 12:05 - 000000000 ___HD C:\OneDriveTemp
2019-01-03 12:01 - 2019-01-12 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-03 09:50 - 2019-01-03 09:50 - 000044032 _____ C:\Users\Celia\Documents\RE I now know the basics of SW's $$ problems.msg

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 20:23 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-26 20:11 - 2018-09-16 00:12 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA86B362-154B-4F96-85C3-A16B4BCEDBB9}
2019-01-26 20:07 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-26 20:05 - 2018-06-07 20:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-26 20:04 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-26 20:03 - 2018-04-12 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-26 20:03 - 2017-09-29 08:46 - 000000184 _____ C:\WINDOWS\win.ini
2019-01-26 19:32 - 2018-06-07 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-26 18:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 18:33 - 2018-11-27 19:45 - 000000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
2019-01-26 17:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-26 17:12 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-25 22:25 - 2018-06-07 20:49 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-763389062-386558237-392076011-1001
2019-01-25 22:25 - 2018-04-12 18:53 - 000000000 ___RD C:\Users\Celia\OneDrive
2019-01-25 22:24 - 2018-06-07 20:37 - 000002361 _____ C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-24 12:23 - 2018-04-12 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-18 12:16 - 2018-11-16 01:21 - 000000000 ____D C:\Program Files\rempl
2019-01-18 11:00 - 2018-04-13 16:44 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-12 09:51 - 2018-06-07 20:37 - 000000000 ____D C:\Users\Celia
2019-01-11 05:38 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-08 14:06 - 2018-04-12 19:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 14:03 - 2018-04-12 19:22 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 14:02 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-04 12:06 - 2018-09-16 13:04 - 000000000 ____D C:\Users\Celia\Desktop\SCHOOL
2019-01-02 14:41 - 2018-07-10 19:10 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 14:41 - 2018-07-10 19:10 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-01 15:43 - 2018-06-07 20:46 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 20:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by Celia (26-01-2019 20:24:58)
Running from C:\Users\Celia\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-08 01:51:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-763389062-386558237-392076011-500 - Administrator - Disabled)
Celia (S-1-5-21-763389062-386558237-392076011-1001 - Administrator - Enabled) => C:\Users\Celia
DefaultAccount (S-1-5-21-763389062-386558237-392076011-503 - Limited - Disabled)
Guest (S-1-5-21-763389062-386558237-392076011-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763389062-386558237-392076011-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS USB-AC53 Nano USB Wireless adapter Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.0.1.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-763389062-386558237-392076011-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1459E270-D8CA-4714-A735-391619A2ED89} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {26F55F1D-08EE-4CFB-849B-3163309833EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {29B88F5E-079A-4545-8F33-1D5AEE41BA9E} - System32\Tasks\UpdatePrt => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe
Task: {389B5E0B-34B1-4F20-BF20-0941F734D293} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {3A5FBAE4-6C65-4C31-8B62-FF7CB47C3BC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {44123528-2EDE-4403-A2F3-4166D0E3FFCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {50D00740-4BF1-4D31-9324-399F3D535B79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {64E39E52-1D05-4396-B63B-371E50CF09A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6B74A25D-87B2-42A9-A760-4B0BA002F37A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {736E7AF9-97B2-46CE-BF4E-4FD58436E063} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {7673DB89-B349-4084-A56A-7B242F658E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
Task: {C8093C67-8B55-407D-86F6-47D335BF82CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {C97561B4-AD4E-4DEF-BF4B-BDF57B1FD94C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {E0F46E34-DEAB-4BE2-8463-0E1E3D1EFA3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {F68F8DA7-9243-4AF3-9451-B331722CD8DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 18:49 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 05:38 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-22 22:15 - 2019-01-22 22:16 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-24 06:51 - 2018-10-24 06:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-11 03:10 - 2018-07-11 03:10 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-13 18:53 - 2018-11-01 01:55 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-11-13 18:53 - 2018-11-01 01:56 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-763389062-386558237-392076011-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "AppMaster"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{025D8BB5-8CA9-445D-80C9-AD0D7EE2C438}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{EB991D3D-38AF-42C0-AD18-37F8DF0E21AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{48B6A69F-EF00-4B69-A498-33F116687955}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{711AD2D8-49EE-4C47-BDD8-EE7A048896CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{9CED148B-9264-490C-AA72-EE49FA7309D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{234582A9-2AA5-4AA1-B1FB-21C03FDDFA6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{57E154C8-75BC-467B-B91F-217D6B68744B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{57FE4707-D4C3-4401-A160-346355173AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Restore Points =========================

08-01-2019 13:48:36 Windows Update
17-01-2019 01:50:56 Scheduled Checkpoint
26-01-2019 06:12:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2019 05:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: windows.storage.dll, version: 10.0.17134.471, time stamp: 0x4d1c0608
Exception code: 0xc0000005
Fault offset: 0x0000000000035b86
Faulting process id: 0x598
Faulting application start time: 0x01d4b5c42b2219bc
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: 21bab371-95de-4d17-b129-63867daaca7e
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (01/26/2019 03:14:37 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (01/26/2019 03:02:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2d44

Start Time: 01d4b5b1a18a535b

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 778c6a01-cb6d-4cbc-a292-58c0244f653c

Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (01/26/2019 01:54:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 28d0

Start Time: 01d4b59eb09a5405

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: cae83664-2b32-45bd-95c4-34cd95dd165c

Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


System errors:
=============
Error: (01/26/2019 08:08:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 08:05:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Stereo Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/26/2019 06:43:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/26/2019 06:16:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/26/2019 06:11:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/26/2019 06:03:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/26/2019 06:00:09 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNA3100 N300 Wireless USB Adapter, {78E5B174-F681-48D4-8156-94B3D6C00334}, had event 76

Error: (01/26/2019 05:45:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-01-03 21:00:52.551
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D134B7FD-EE1D-45C0-92B4-F52D7C5E737A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-03 20:47:26.088
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8BA1C1A4-DA2B-4602-A1B4-1AA76F9A518A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 92%
Total physical RAM: 2038.92 MB
Available physical RAM: 154.29 MB
Total Virtual: 4086.92 MB
Available Virtual: 1283.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:877.39 GB) NTFS

\\?\Volume{77e3ed41-0000-0000-0000-800200000000}\ (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2019-01-26 20:48:44
-----------------------------
20:48:44.670 OS Version: Windows x64 6.2.9200
20:48:44.670 Number of processors: 8 586 0x1A05
20:48:44.670 ComputerName: DESKTOP-6U06PFH UserName: Celia
20:49:00.224 Initialze error C000010E - driver not loaded
20:51:25.513 AVAST engine defs: 17030301
20:52:13.224 The log file has been saved successfully to "C:\Users\Celia\Desktop\aswMBR.txt"
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,054
487
PCHF Bunker
pchelpforum.net
Hi there @celia :)

We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded, right-click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning; depending on the amount of data on your PC, it may take some time. At the conclusion of the scan, any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair".



After selecting "Clean & Repair", another dialogue box may appear asking to restart now or later. If so, choose "Clean & Restart Now".


Once the PC has restarted, if AdwCleaner does not restart then open it again and click the "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from, so double-click the most recent "Clean" log and it will open a Notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)
 

celia

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-27-2019
# Duration: 00:01:22
# OS: Windows 10 Home
# Scanned: 31744
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [6763 octets] - [26/01/2019 17:19:25]
AdwCleaner[C00].txt - [6241 octets] - [26/01/2019 17:20:13]
AdwCleaner[S01].txt - [1372 octets] - [26/01/2019 17:33:02]
AdwCleaner[C01].txt - [1558 octets] - [26/01/2019 17:33:30]
AdwCleaner[S02].txt - [1494 octets] - [26/01/2019 17:40:16]
AdwCleaner[C02].txt - [1680 octets] - [26/01/2019 17:42:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
 

jmarket

That's good :) Let's go ahead and run another scan while I examine your logs.

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE.

Save the file to somewhere you can easily find it. Double-click the saved file to start the install, accept any security warnings that may appear and, after the install, click the new desktop icon to start the program. We need to modify a couple of things with Malwarebytes before we use it, so please follow the steps below.

  • If the dashboard is not already displayed select it.
  • Then select Update to get the latest definition database.


  • Next we need to change a scanning option, select Settings on the main menu
  • Then Detection and Protection on the left.
  • Then select Scan for rootkits in the detection options, as well as the other two options already checked.


Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.



  • Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished, any threats will be listed for action. Ensure all threats are selected, and click Remove Selected.


A dialogue box may open and ask to restart the computer; if so, select Yes.



Once the computer restarts, open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export and choose text file. Name the text file and select a location, preferably the desktop, and close Malwarebytes.



Please copy and paste the contents of the text file in your next post :)
 

celia

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/27/19
Scan Time: 4:57 PM
Log File: 9ae73e7c-227e-11e9-aaec-f04da23abff6.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.8986
License: Trial
-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: DESKTOP-6U06PFH\Celia
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274486
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 4 min, 34 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 7
PUP.Optional.AppMaster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATEPRT, Quarantined, [4479], [559421],1.0.8986
PUP.Optional.AppMaster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{29B88F5E-079A-4545-8F33-1D5AEE41BA9E}, Quarantined, [4479], [559421],1.0.8986
PUP.Optional.AppMaster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{29B88F5E-079A-4545-8F33-1D5AEE41BA9E}, Quarantined, [4479], [559421],1.0.8986
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TweakBit, Quarantined, [1567], [349178],1.0.8986
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\DRIVER UPDATER\2.x, Quarantined, [1567], [330452],1.0.8986
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [1567], [244298],1.0.8986
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Driver Updater, Quarantined, [1567], [335588],1.0.8986
Registry Value: 2
PUP.Optional.AppMaster, HKU\S-1-5-21-763389062-386558237-392076011-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|APPMASTER, Quarantined, [4479], [559423],1.0.8986
PUP.Optional.AppMaster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{29B88F5E-079A-4545-8F33-1D5AEE41BA9E}|PATH, Quarantined, [4479], [559419],1.0.8986
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
PUP.Optional.AppMaster, C:\WINDOWS\SYSTEM32\TASKS\UPDATEPRT, Quarantined, [4479], [559421],1.0.8986
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
 

celia

This PC is having a myriad of trouble that I'm trying to figure out.
1. Has slowed way down.
2. Will not go to sleep properly, shuts off when I try to wake it.
Realtek audio not working.
I updated the BIOS and I may need to go into it and turn the audio on...

But overall its performance has improved since running some of the programs here.
 

celia

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by Celia (29-01-2019 18:35:59)
Running from C:\Users\Celia\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-08 01:51:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-763389062-386558237-392076011-500 - Administrator - Disabled)
Celia (S-1-5-21-763389062-386558237-392076011-1001 - Administrator - Enabled) => C:\Users\Celia
DefaultAccount (S-1-5-21-763389062-386558237-392076011-503 - Limited - Disabled)
Guest (S-1-5-21-763389062-386558237-392076011-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763389062-386558237-392076011-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS USB-AC53 Nano USB Wireless adapter Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.0.1.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-763389062-386558237-392076011-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1459E270-D8CA-4714-A735-391619A2ED89} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {3A5FBAE4-6C65-4C31-8B62-FF7CB47C3BC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {64E39E52-1D05-4396-B63B-371E50CF09A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6B74A25D-87B2-42A9-A760-4B0BA002F37A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {736E7AF9-97B2-46CE-BF4E-4FD58436E063} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {7673DB89-B349-4084-A56A-7B242F658E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
Task: {C8093C67-8B55-407D-86F6-47D335BF82CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {C97561B4-AD4E-4DEF-BF4B-BDF57B1FD94C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {E0F46E34-DEAB-4BE2-8463-0E1E3D1EFA3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {F68F8DA7-9243-4AF3-9451-B331722CD8DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-27 16:21 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2019-01-27 16:55 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-27 16:55 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 05:38 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-11 03:10 - 2018-07-11 03:10 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-24 06:51 - 2018-10-24 06:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-763389062-386558237-392076011-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "AppMaster"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{025D8BB5-8CA9-445D-80C9-AD0D7EE2C438}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{EB991D3D-38AF-42C0-AD18-37F8DF0E21AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{48B6A69F-EF00-4B69-A498-33F116687955}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{711AD2D8-49EE-4C47-BDD8-EE7A048896CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{9CED148B-9264-490C-AA72-EE49FA7309D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{234582A9-2AA5-4AA1-B1FB-21C03FDDFA6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{57E154C8-75BC-467B-B91F-217D6B68744B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{57FE4707-D4C3-4401-A160-346355173AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Restore Points =========================

08-01-2019 13:48:36 Windows Update
17-01-2019 01:50:56 Scheduled Checkpoint
26-01-2019 06:12:34 Scheduled Checkpoint
27-01-2019 11:43:40 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2019 07:29:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.37.0.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b40

Start Time: 01d4b768485020dc

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: 0e5563a0-8c0f-42b3-877d-b264d1e76be3

Faulting package full name: Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (01/27/2019 04:41:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 207c

Start Time: 01d4b687802b16d9

Termination Time: 11

Application Path: C:\Program Files\internet explorer\iexplore.exe

Report Id: 72aea498-5e86-40c7-a907-b74750fa298e

Faulting package full name:

Faulting package-relative application ID:

Error: (01/27/2019 02:31:22 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.

Error: (01/27/2019 11:53:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (01/27/2019 11:45:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/27/2019 11:45:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/27/2019 11:45:10 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/27/2019 11:44:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVMUP.exe, version: 2.1002.175.1480, time stamp: 0x5527cb36
Faulting module name: NVI2.DLL, version: 2.1002.247.2107, time stamp: 0x58e33144
Exception code: 0x40000015
Fault offset: 0x00132704
Faulting process id: 0x2470
Faulting application start time: 0x01d4b65ed53b2ef5
Faulting application path: C:\ProgramData\Dell\drivers\8ea807ac-cbdf-4d35-bc67-83366d7d50e8\NVMUP.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{78F5E8DA-095A-4FD4-AC8C-B5389D4F811B}\NVI2.DLL
Report Id: 2cd0badd-ffd6-4c6a-b438-575197137268
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/29/2019 06:28:27 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000005c (0x0000000000000500, 0x0000000004000000, 0x00000000fbffffff, 0x00000000ffffffff). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: debedac6-9065-442c-b82f-1ca2edd49e5b.

Error: (01/29/2019 06:23:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/29/2019 06:22:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (01/29/2019 06:16:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:15:34 PM on 1/29/2019 was unexpected.

Error: (01/29/2019 02:52:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/29/2019 02:51:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000005c (0x0000000000000500, 0x0000000004000000, 0x00000000fbffffff, 0x00000000ffffffff). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 42f53784-19a3-4d0c-8f99-2ff86e8cd07f.

Error: (01/29/2019 02:50:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:15:34 PM on 1/29/2019 was unexpected.

Error: (01/29/2019 01:27:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-01-27 17:33:36.349
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F9B51E0F-8505-4C61-A955-5122686CBFA5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-27 17:29:36.634
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DF7FC608-00C6-4AB2-83A3-B169732E761E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-27 17:27:20.762
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C81F7ED3-9036-44DE-88C8-C56A123BA7A5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-26 21:36:18.549
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C38A3AC9-6DD8-4648-867C-8F2E6EBADED4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2019-01-27 18:17:19.907
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 81%
Total physical RAM: 2038.92 MB
Available physical RAM: 374.51 MB
Total Virtual: 4214.92 MB
Available Virtual: 1739.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:869.83 GB) NTFS

\\?\Volume{77e3ed41-0000-0000-0000-800200000000}\ (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by Celia (administrator) on DESKTOP-6U06PFH (29-01-2019 18:32:21)
Running from C:\Users\Celia\Downloads
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Celia\Downloads\FRST64(2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{674e49ce-200b-4b55-8217-8b03bd2c3b70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{975a2eb8-aa71-4366-b7ae-2e2c0255d4b6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-763389062-386558237-392076011-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-07] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-27] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: m8wcgitb.default
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\m8wcgitb.default [2019-01-29]
FF Homepage: Mozilla\Firefox\Profiles\m8wcgitb.default -> hxxps://www.google.com/search?client=firefox-b-1-ab&q=
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-05]
CHR Extension: (Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-05]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-16]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-05]
CHR Extension: (Sheets) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-29] (Malwarebytes)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7978296 2018-03-21] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 18:31 - 2019-01-29 18:31 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64(2).exe
2019-01-29 18:16 - 2019-01-29 18:28 - 001245884 _____ C:\WINDOWS\Minidump\012919-31968-01.dmp
2019-01-29 14:50 - 2019-01-29 14:51 - 001302436 _____ C:\WINDOWS\Minidump\012919-30031-01.dmp
2019-01-29 13:25 - 2019-01-29 13:26 - 001571484 _____ C:\WINDOWS\Minidump\012919-31593-01.dmp
2019-01-29 10:55 - 2019-01-29 10:55 - 000933068 _____ C:\WINDOWS\Minidump\012919-31546-01.dmp
2019-01-28 19:16 - 2019-01-29 18:16 - 544738518 _____ C:\WINDOWS\MEMORY.DMP
2019-01-28 19:16 - 2019-01-28 19:17 - 001435292 _____ C:\WINDOWS\Minidump\012819-31812-01.dmp
2019-01-27 18:12 - 2019-01-29 18:27 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-27 18:12 - 2019-01-29 18:17 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-27 18:12 - 2019-01-27 18:12 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-27 18:12 - 2019-01-27 18:12 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-27 17:58 - 2019-01-27 17:58 - 000525792 _____ (Microsoft Corporation) C:\WINDOWS\DIFxAPI.dll
2019-01-27 17:04 - 2019-01-27 17:04 - 000002542 _____ C:\Users\Celia\Desktop\malwarebytes report.txt
2019-01-27 16:57 - 2019-01-27 16:57 - 000000000 ____D C:\Users\Celia\AppData\Local\mbam
2019-01-27 16:56 - 2019-01-27 16:56 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-27 16:56 - 2019-01-27 16:56 - 000000000 ____D C:\Users\Celia\AppData\Local\mbamtray
2019-01-27 16:55 - 2019-01-27 16:55 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-27 16:55 - 2019-01-27 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-27 16:55 - 2019-01-27 16:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-27 16:55 - 2019-01-27 16:55 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-27 16:55 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-27 16:39 - 2019-01-27 16:39 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Macromedia
2019-01-27 16:33 - 2019-01-27 16:33 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Sun
2019-01-27 16:33 - 2019-01-27 16:33 - 000000000 ____D C:\Users\Celia\AppData\LocalLow\Sun
2019-01-27 16:33 - 2019-01-27 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-27 16:33 - 2019-01-27 16:32 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-01-27 16:32 - 2019-01-27 16:32 - 000000000 ____D C:\ProgramData\Oracle
2019-01-27 16:32 - 2019-01-27 16:32 - 000000000 ____D C:\Program Files (x86)\Java
2019-01-27 16:21 - 2019-01-27 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-27 16:21 - 2016-11-14 06:15 - 006789056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-27 16:21 - 2016-11-14 06:15 - 003528128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-27 16:21 - 2016-11-14 06:15 - 002558512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-27 16:21 - 2016-11-14 06:15 - 000932728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2019-01-27 16:21 - 2016-11-14 06:15 - 000384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-27 16:21 - 2016-11-14 06:15 - 000062328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-27 16:21 - 2016-11-14 04:09 - 007513855 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-27 11:57 - 2019-01-27 11:57 - 306673592 _____ (NVIDIA Corporation) C:\Users\Celia\Downloads\342.01-desktop-win10-64bit-international.exe
2019-01-27 11:39 - 2019-01-27 11:39 - 000000000 ____D C:\WINDOWS\nvmup
2019-01-27 11:34 - 2019-01-27 11:35 - 000000000 ____D C:\ProgramData\Dell
2019-01-27 11:26 - 2019-01-27 11:34 - 585537504 _____ (Dell Inc.) C:\Users\Celia\Downloads\nVIDIA-GeForce-Desktop-Graphics-Driver_NV3PY_WIN_22.21.13.8167_A00.EXE
2019-01-27 11:22 - 2019-01-27 11:23 - 101978488 _____ C:\Users\Celia\Downloads\R262036.exe
2019-01-27 11:08 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2019-01-27 11:08 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2019-01-27 11:08 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2019-01-27 11:08 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2019-01-27 11:08 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2019-01-27 11:08 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2019-01-27 11:03 - 2019-01-27 11:04 - 000000000 ____D C:\WINDOWS\LastGood
2019-01-27 11:02 - 2015-08-18 03:48 - 000038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2019-01-27 11:02 - 2015-08-18 03:48 - 000035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2019-01-27 11:02 - 2015-08-18 03:48 - 000032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2019-01-27 10:59 - 2019-01-27 10:59 - 282835496 _____ (NVIDIA Corporation) C:\Users\Celia\Downloads\341.81-desktop-win10-64bit-international.exe
2019-01-27 00:12 - 2019-01-27 00:12 - 000000000 ____D C:\Users\Celia\AppData\Local\AdAwareDesktop
2019-01-27 00:04 - 2019-01-27 00:04 - 007320272 _____ (Malwarebytes) C:\Users\Celia\Downloads\adwcleaner_7.2.6.0(1).exe
2019-01-26 23:52 - 2019-01-26 23:52 - 000689864 _____ (PC Drivers HeadQuarters LP) C:\Users\Celia\Downloads\DriverSupport(1).exe
2019-01-26 23:51 - 2019-01-26 23:52 - 000689864 _____ (PC Drivers HeadQuarters LP) C:\Users\Celia\Downloads\DriverSupport.exe
2019-01-26 23:42 - 2019-01-26 23:42 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-01-26 23:29 - 2019-01-26 23:29 - 000391200 _____ (Dell Inc.) C:\Users\Celia\Downloads\SupportAssistLauncher(1).exe
2019-01-26 23:20 - 2019-01-29 18:16 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-01-26 23:14 - 2019-01-26 23:14 - 000391192 _____ (Dell Inc.) C:\Users\Celia\Downloads\SupportAssistInstaller.exe
2019-01-26 22:04 - 2019-01-26 22:04 - 000000000 ____D C:\ProgramData\PCDr
2019-01-26 22:01 - 2019-01-26 22:01 - 001376000 _____ C:\Users\Celia\Downloads\S9100-A04.exe
2019-01-26 22:00 - 2019-01-27 11:57 - 000000000 ____D C:\ProgramData\SupportAssist
2019-01-26 22:00 - 2019-01-27 11:57 - 000000000 ____D C:\Program Files\Dell
2019-01-26 22:00 - 2019-01-26 22:00 - 000000000 ____D C:\Users\Celia\AppData\Local\Dell Inc
2019-01-26 21:59 - 2019-01-26 21:59 - 000391200 _____ (Dell Inc.) C:\Users\Celia\Downloads\SupportAssistLauncher.exe
2019-01-26 21:55 - 2019-01-26 21:55 - 000000345 _____ C:\Users\Celia\Downloads\JRT.exe
2019-01-26 21:35 - 2019-01-26 21:35 - 000000000 ____D C:\Users\Celia\AppData\Local\AdAwareUpdater
2019-01-26 21:32 - 2019-01-26 21:32 - 002708912 _____ C:\Users\Celia\Downloads\Adaware_Installer.exe
2019-01-26 21:30 - 2019-01-26 21:30 - 005660510 _____ (Swearware) C:\Users\Celia\Downloads\ComboFix.exe
2019-01-26 20:52 - 2019-01-26 20:52 - 000000496 _____ C:\Users\Celia\Desktop\aswMBR.txt
2019-01-26 20:47 - 2019-01-26 20:47 - 000001025 _____ C:\Users\Celia\Desktop\aswmbr(1) - Shortcut.lnk
2019-01-26 20:45 - 2019-01-26 20:45 - 005200384 _____ (AVAST Software) C:\Users\Celia\Downloads\aswmbr(1).exe
2019-01-26 20:38 - 2019-01-26 20:43 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64(1).exe
2019-01-26 20:32 - 2019-01-26 20:32 - 005200384 _____ (AVAST Software) C:\Users\Celia\Downloads\aswmbr.exe
2019-01-26 20:18 - 2019-01-26 20:27 - 000021814 _____ C:\Users\Celia\Downloads\Addition.txt
2019-01-26 20:15 - 2019-01-29 18:34 - 000012584 _____ C:\Users\Celia\Downloads\FRST.txt
2019-01-26 20:15 - 2019-01-29 18:32 - 000000000 ____D C:\FRST
2019-01-26 20:12 - 2019-01-26 20:12 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64.exe
2019-01-26 20:03 - 2019-01-26 20:03 - 000000000 ____D C:\Program Files (x86)\ASUS USB-AC53 Nano USB Wireless adapter Driver
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:41 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2019-01-26 20:03 - 2018-03-21 22:57 - 007978296 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2019-01-26 20:03 - 2018-03-21 22:57 - 000011040 _____ C:\WINDOWS\system32\Drivers\TXPWR_LMT.txt
2019-01-26 20:03 - 2018-03-21 22:57 - 000004626 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2019-01-26 18:43 - 2011-07-22 10:33 - 000025056 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2019-01-26 17:52 - 2019-01-26 17:56 - 036524491 _____ C:\Users\Celia\Downloads\WNA3100 Software Version 2.0.zip
2019-01-26 17:18 - 2019-01-26 17:20 - 000000000 ____D C:\AdwCleaner
2019-01-26 17:17 - 2019-01-26 17:17 - 007320272 _____ (Malwarebytes) C:\Users\Celia\Downloads\adwcleaner_7.2.6.0.exe
2019-01-19 11:55 - 2019-01-19 11:56 - 000048640 _____ C:\Users\Celia\Documents\RE The certificate of title from the NYS DMV . . . .msg
2019-01-16 05:19 - 2019-01-16 05:19 - 001202680 _____ (Adobe Systems Incorporated) C:\Users\Celia\Downloads\readerdc_en_xa_crd_install.exe
2019-01-11 16:08 - 2019-01-11 16:10 - 000582584 _____ C:\Users\Celia\Downloads\personal_abstract.pdf
2019-01-08 13:51 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 13:51 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 13:51 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 13:51 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 13:51 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 13:51 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 13:51 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 13:50 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 13:50 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 13:50 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 13:50 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 13:50 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 13:50 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 13:50 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 09:40 - 2019-01-08 09:40 - 000000000 ____D C:\Users\Celia\Desktop\CPR PERSOnal
2019-01-08 07:34 - 2019-01-08 07:34 - 000036864 _____ C:\Users\Celia\Documents\RE Three.msg
2019-01-03 12:48 - 2019-01-29 18:21 - 000000000 ____D C:\Users\Celia\AppData\LocalLow\Mozilla
2019-01-03 12:48 - 2019-01-03 12:48 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Mozilla
2019-01-03 12:47 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-03 12:47 - 2019-01-10 20:54 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-03 12:47 - 2019-01-03 12:55 - 000000000 ____D C:\Users\Celia\AppData\Local\Mozilla
2019-01-03 12:47 - 2019-01-03 12:47 - 000001214 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-01-03 12:46 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-03 12:45 - 2019-01-03 12:45 - 000320032 _____ (Mozilla) C:\Users\Celia\Downloads\Firefox Installer.exe
2019-01-03 12:05 - 2019-01-03 12:05 - 000000000 ___HD C:\OneDriveTemp
2019-01-03 12:01 - 2019-01-29 18:16 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-03 09:50 - 2019-01-03 09:50 - 000044032 _____ C:\Users\Celia\Documents\RE I now know the basics of SW's $$ problems.msg

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 18:27 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-29 18:16 - 2018-06-07 20:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-29 18:16 - 2018-06-07 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-29 13:36 - 2018-09-16 00:12 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA86B362-154B-4F96-85C3-A16B4BCEDBB9}
2019-01-29 13:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-29 11:42 - 2018-07-11 03:11 - 000000000 ____D C:\ProgramData\Packages
2019-01-29 11:42 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-27 22:33 - 2018-06-07 20:37 - 000000000 ____D C:\Users\Celia
2019-01-27 18:11 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-27 18:00 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-27 17:58 - 2018-04-12 19:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-01-27 16:25 - 2018-04-12 18:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-27 16:23 - 2018-04-12 18:49 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-27 16:21 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Help
2019-01-27 16:20 - 2018-04-12 18:49 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-01-27 16:18 - 2018-06-07 20:33 - 000401392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-27 11:17 - 2018-06-07 20:46 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-26 23:41 - 2018-04-12 19:06 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-01-26 23:41 - 2018-04-12 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-26 23:24 - 2018-11-27 19:45 - 000000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
2019-01-26 22:10 - 2018-04-12 18:50 - 000000000 ____D C:\Users\Celia\AppData\Local\Packages
2019-01-26 21:53 - 2018-09-01 20:46 - 000000000 ____D C:\Users\Celia\AppData\Local\D3DSCache
2019-01-26 20:03 - 2017-09-29 08:46 - 000000184 _____ C:\WINDOWS\win.ini
2019-01-26 18:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-25 22:25 - 2018-06-07 20:49 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-763389062-386558237-392076011-1001
2019-01-25 22:25 - 2018-04-12 18:53 - 000000000 ___RD C:\Users\Celia\OneDrive
2019-01-25 22:24 - 2018-06-07 20:37 - 000002361 _____ C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-24 12:23 - 2018-04-12 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-18 12:16 - 2018-11-16 01:21 - 000000000 ____D C:\Program Files\rempl
2019-01-18 11:00 - 2018-04-13 16:44 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-11 05:38 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-08 14:06 - 2018-04-12 19:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 14:03 - 2018-04-12 19:22 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 14:02 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-04 12:06 - 2018-09-16 13:04 - 000000000 ____D C:\Users\Celia\Desktop\SCHOOL
2019-01-02 14:41 - 2018-07-10 19:10 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 14:41 - 2018-07-10 19:10 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
2019-01-27 11:51 - 2017-04-04 01:05 - 000367552 _____ (NVIDIA Corporation) C:\Users\Celia\AppData\Local\Temp\nvStInst.exe
2019-01-26 22:05 - 2019-01-26 22:05 - 074681344 _____ (PC-Doctor, Inc.) C:\Users\Celia\AppData\Local\Temp\tmp89ED.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 20:32

==================== End of FRST.txt ============================
 

celia

PCHF Member
Aug 28, 2016
The latest read up on the computer not waking from sleep made something to do with Windows update Fall Creator. Do you know how I can roll it back to the previous version of Windows?
 

celia

PCHF Member
Aug 28, 2016
I meant to say a previous version of Windows 10 prior to the Fall Creator update.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
You have a suspicious driver on your system: npf.sys

Do you use WinPCap?

You can always do a Refresh of Windows 10, but it'll erase everything and do a clean install.
 

celia

PCHF Member
Aug 28, 2016
I've uninstalled everything that was Nvidia related by Add/Remove and uninstalled all files in programs and restarted the computer and it reloaded the drivers for the video card. It seems to be working ok. The problem with the sleep setting not working will most likely mean a reinstall of Windows and turning off updates to avoid the Fall Creator update. Thank you for your feedback.