Hoping you can help me here, PC is not running the way it should. Am I infected?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by Celia (administrator) on DESKTOP-6U06PFH (26-01-2019 20:22:11)
Running from C:\Users\Celia\Downloads
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.285.230.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\Run: [AppMaster] => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{674e49ce-200b-4b55-8217-8b03bd2c3b70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{975a2eb8-aa71-4366-b7ae-2e2c0255d4b6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-763389062-386558237-392076011-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-07] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: m8wcgitb.default
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\m8wcgitb.default [2019-01-26]
FF Homepage: Mozilla\Firefox\Profiles\m8wcgitb.default -> hxxps://www.google.com/search?client=firefox-b-1-ab&q=
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-05]
CHR Extension: (Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-05]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-16]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-05]
CHR Extension: (Sheets) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7978296 2018-03-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-26 20:18 - 2019-01-26 20:21 - 000021481 _____ C:\Users\Celia\Downloads\Addition.txt
2019-01-26 20:15 - 2019-01-26 20:23 - 000011930 _____ C:\Users\Celia\Downloads\FRST.txt
2019-01-26 20:15 - 2019-01-26 20:22 - 000000000 ____D C:\FRST
2019-01-26 20:12 - 2019-01-26 20:12 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64.exe
2019-01-26 20:03 - 2019-01-26 20:03 - 000000000 ____D C:\Program Files (x86)\ASUS USB-AC53 Nano USB Wireless adapter Driver
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:41 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2019-01-26 20:03 - 2018-03-21 22:57 - 007978296 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2019-01-26 20:03 - 2018-03-21 22:57 - 000011040 _____ C:\WINDOWS\system32\Drivers\TXPWR_LMT.txt
2019-01-26 20:03 - 2018-03-21 22:57 - 000004626 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2019-01-26 18:43 - 2011-07-22 10:33 - 000025056 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2019-01-26 17:52 - 2019-01-26 17:56 - 036524491 _____ C:\Users\Celia\Downloads\WNA3100 Software Version 2.0.zip
2019-01-26 17:18 - 2019-01-26 17:20 - 000000000 ____D C:\AdwCleaner
2019-01-26 17:17 - 2019-01-26 17:17 - 007320272 _____ (Malwarebytes) C:\Users\Celia\Downloads\adwcleaner_7.2.6.0.exe
2019-01-19 11:55 - 2019-01-19 11:56 - 000048640 _____ C:\Users\Celia\Documents\RE The certificate of title from the NYS DMV . . . .msg
2019-01-16 05:19 - 2019-01-16 05:19 - 001202680 _____ (Adobe Systems Incorporated) C:\Users\Celia\Downloads\readerdc_en_xa_crd_install.exe
2019-01-11 16:08 - 2019-01-11 16:10 - 000582584 _____ C:\Users\Celia\Downloads\personal_abstract.pdf
2019-01-08 13:51 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 13:51 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 13:51 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 13:51 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 13:51 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 13:51 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 13:51 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 13:50 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 13:50 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 13:50 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 13:50 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 13:50 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 13:50 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 13:50 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 09:40 - 2019-01-08 09:40 - 000000000 ____D C:\Users\Celia\Desktop\CPR PERSOnal
2019-01-08 07:34 - 2019-01-08 07:34 - 000036864 _____ C:\Users\Celia\Documents\RE Three.msg
2019-01-03 12:48 - 2019-01-26 20:09 - 000000000 ____D C:\Users\Celia\AppData\LocalLow\Mozilla
2019-01-03 12:48 - 2019-01-03 12:48 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Mozilla
2019-01-03 12:47 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-03 12:47 - 2019-01-10 20:54 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-03 12:47 - 2019-01-03 12:55 - 000000000 ____D C:\Users\Celia\AppData\Local\Mozilla
2019-01-03 12:47 - 2019-01-03 12:47 - 000001214 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-01-03 12:46 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-03 12:45 - 2019-01-03 12:45 - 000320032 _____ (Mozilla) C:\Users\Celia\Downloads\Firefox Installer.exe
2019-01-03 12:05 - 2019-01-03 12:05 - 000000000 ___HD C:\OneDriveTemp
2019-01-03 12:01 - 2019-01-12 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-03 09:50 - 2019-01-03 09:50 - 000044032 _____ C:\Users\Celia\Documents\RE I now know the basics of SW's $$ problems.msg
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-26 20:23 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-26 20:11 - 2018-09-16 00:12 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA86B362-154B-4F96-85C3-A16B4BCEDBB9}
2019-01-26 20:07 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-26 20:05 - 2018-06-07 20:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-26 20:04 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-26 20:03 - 2018-04-12 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-26 20:03 - 2017-09-29 08:46 - 000000184 _____ C:\WINDOWS\win.ini
2019-01-26 19:32 - 2018-06-07 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-26 18:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 18:33 - 2018-11-27 19:45 - 000000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
2019-01-26 17:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-26 17:12 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-25 22:25 - 2018-06-07 20:49 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-763389062-386558237-392076011-1001
2019-01-25 22:25 - 2018-04-12 18:53 - 000000000 ___RD C:\Users\Celia\OneDrive
2019-01-25 22:24 - 2018-06-07 20:37 - 000002361 _____ C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-24 12:23 - 2018-04-12 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-18 12:16 - 2018-11-16 01:21 - 000000000 ____D C:\Program Files\rempl
2019-01-18 11:00 - 2018-04-13 16:44 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-12 09:51 - 2018-06-07 20:37 - 000000000 ____D C:\Users\Celia
2019-01-11 05:38 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-08 14:06 - 2018-04-12 19:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 14:03 - 2018-04-12 19:22 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 14:02 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-04 12:06 - 2018-09-16 13:04 - 000000000 ____D C:\Users\Celia\Desktop\SCHOOL
2019-01-02 14:41 - 2018-07-10 19:10 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 14:41 - 2018-07-10 19:10 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-01 15:43 - 2018-06-07 20:46 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 20:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by Celia (26-01-2019 20:24:58)
Running from C:\Users\Celia\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-08 01:51:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-763389062-386558237-392076011-500 - Administrator - Disabled)
Celia (S-1-5-21-763389062-386558237-392076011-1001 - Administrator - Enabled) => C:\Users\Celia
DefaultAccount (S-1-5-21-763389062-386558237-392076011-503 - Limited - Disabled)
Guest (S-1-5-21-763389062-386558237-392076011-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763389062-386558237-392076011-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ASUS USB-AC53 Nano USB Wireless adapter Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.0.1.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-763389062-386558237-392076011-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1459E270-D8CA-4714-A735-391619A2ED89} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {26F55F1D-08EE-4CFB-849B-3163309833EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {29B88F5E-079A-4545-8F33-1D5AEE41BA9E} - System32\Tasks\UpdatePrt => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe
Task: {389B5E0B-34B1-4F20-BF20-0941F734D293} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {3A5FBAE4-6C65-4C31-8B62-FF7CB47C3BC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {44123528-2EDE-4403-A2F3-4166D0E3FFCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {50D00740-4BF1-4D31-9324-399F3D535B79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {64E39E52-1D05-4396-B63B-371E50CF09A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6B74A25D-87B2-42A9-A760-4B0BA002F37A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {736E7AF9-97B2-46CE-BF4E-4FD58436E063} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {7673DB89-B349-4084-A56A-7B242F658E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
Task: {C8093C67-8B55-407D-86F6-47D335BF82CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {C97561B4-AD4E-4DEF-BF4B-BDF57B1FD94C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {E0F46E34-DEAB-4BE2-8463-0E1E3D1EFA3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {F68F8DA7-9243-4AF3-9451-B331722CD8DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 18:49 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 05:38 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-22 22:15 - 2019-01-22 22:16 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-24 06:51 - 2018-10-24 06:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-11 03:10 - 2018-07-11 03:10 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-13 18:53 - 2018-11-01 01:55 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-11-13 18:53 - 2018-11-01 01:56 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-763389062-386558237-392076011-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "AppMaster"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{025D8BB5-8CA9-445D-80C9-AD0D7EE2C438}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{EB991D3D-38AF-42C0-AD18-37F8DF0E21AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{48B6A69F-EF00-4B69-A498-33F116687955}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{711AD2D8-49EE-4C47-BDD8-EE7A048896CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{9CED148B-9264-490C-AA72-EE49FA7309D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{234582A9-2AA5-4AA1-B1FB-21C03FDDFA6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{57E154C8-75BC-467B-B91F-217D6B68744B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{57FE4707-D4C3-4401-A160-346355173AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
==================== Restore Points =========================
08-01-2019 13:48:36 Windows Update
17-01-2019 01:50:56 Scheduled Checkpoint
26-01-2019 06:12:34 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2019 05:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: windows.storage.dll, version: 10.0.17134.471, time stamp: 0x4d1c0608
Exception code: 0xc0000005
Fault offset: 0x0000000000035b86
Faulting process id: 0x598
Faulting application start time: 0x01d4b5c42b2219bc
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: 21bab371-95de-4d17-b129-63867daaca7e
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1
Error: (01/26/2019 03:14:37 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
Error: (01/26/2019 03:02:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2d44
Start Time: 01d4b5b1a18a535b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 778c6a01-cb6d-4cbc-a292-58c0244f653c
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Error: (01/26/2019 01:54:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 28d0
Start Time: 01d4b59eb09a5405
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Report Id: cae83664-2b32-45bd-95c4-34cd95dd165c
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
System errors:
=============
Error: (01/26/2019 08:08:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2019 08:05:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Stereo Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (01/26/2019 06:43:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:16:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:11:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:03:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:00:09 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNA3100 N300 Wireless USB Adapter, {78E5B174-F681-48D4-8156-94B3D6C00334}, had event 76
Error: (01/26/2019 05:45:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-01-03 21:00:52.551
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D134B7FD-EE1D-45C0-92B4-F52D7C5E737A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-03 20:47:26.088
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8BA1C1A4-DA2B-4602-A1B4-1AA76F9A518A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 92%
Total physical RAM: 2038.92 MB
Available physical RAM: 154.29 MB
Total Virtual: 4086.92 MB
Available Virtual: 1283.63 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:877.39 GB) NTFS
\\?\Volume{77e3ed41-0000-0000-0000-800200000000}\ (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2019-01-26 20:48:44
-----------------------------
20:48:44.670 OS Version: Windows x64 6.2.9200
20:48:44.670 Number of processors: 8 586 0x1A05
20:48:44.670 ComputerName: DESKTOP-6U06PFH UserName: Celia
20:49:00.224 Initialze error C000010E - driver not loaded
20:51:25.513 AVAST engine defs: 17030301
20:52:13.224 The log file has been saved successfully to "C:\Users\Celia\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by Celia (administrator) on DESKTOP-6U06PFH (26-01-2019 20:22:11)
Running from C:\Users\Celia\Downloads
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.285.230.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\Run: [AppMaster] => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{674e49ce-200b-4b55-8217-8b03bd2c3b70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{975a2eb8-aa71-4366-b7ae-2e2c0255d4b6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-763389062-386558237-392076011-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-763389062-386558237-392076011-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-07] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: m8wcgitb.default
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\m8wcgitb.default [2019-01-26]
FF Homepage: Mozilla\Firefox\Profiles\m8wcgitb.default -> hxxps://www.google.com/search?client=firefox-b-1-ab&q=
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default [2018-12-16]
CHR Extension: (Slides) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-05]
CHR Extension: (Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-05]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-16]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-05]
CHR Extension: (Sheets) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7978296 2018-03-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
S3 NPF; \SystemRoot\system32\DRIVERS\npf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-26 20:18 - 2019-01-26 20:21 - 000021481 _____ C:\Users\Celia\Downloads\Addition.txt
2019-01-26 20:15 - 2019-01-26 20:23 - 000011930 _____ C:\Users\Celia\Downloads\FRST.txt
2019-01-26 20:15 - 2019-01-26 20:22 - 000000000 ____D C:\FRST
2019-01-26 20:12 - 2019-01-26 20:12 - 002428416 _____ (Farbar) C:\Users\Celia\Downloads\FRST64.exe
2019-01-26 20:03 - 2019-01-26 20:03 - 000000000 ____D C:\Program Files (x86)\ASUS USB-AC53 Nano USB Wireless adapter Driver
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:43 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2019-01-26 20:03 - 2018-03-22 11:41 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2019-01-26 20:03 - 2018-03-21 22:57 - 007978296 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2019-01-26 20:03 - 2018-03-21 22:57 - 000011040 _____ C:\WINDOWS\system32\Drivers\TXPWR_LMT.txt
2019-01-26 20:03 - 2018-03-21 22:57 - 000004626 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2019-01-26 18:43 - 2011-07-22 10:33 - 000025056 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2019-01-26 17:52 - 2019-01-26 17:56 - 036524491 _____ C:\Users\Celia\Downloads\WNA3100 Software Version 2.0.zip
2019-01-26 17:18 - 2019-01-26 17:20 - 000000000 ____D C:\AdwCleaner
2019-01-26 17:17 - 2019-01-26 17:17 - 007320272 _____ (Malwarebytes) C:\Users\Celia\Downloads\adwcleaner_7.2.6.0.exe
2019-01-19 11:55 - 2019-01-19 11:56 - 000048640 _____ C:\Users\Celia\Documents\RE The certificate of title from the NYS DMV . . . .msg
2019-01-16 05:19 - 2019-01-16 05:19 - 001202680 _____ (Adobe Systems Incorporated) C:\Users\Celia\Downloads\readerdc_en_xa_crd_install.exe
2019-01-11 16:08 - 2019-01-11 16:10 - 000582584 _____ C:\Users\Celia\Downloads\personal_abstract.pdf
2019-01-08 13:51 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 13:51 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 13:51 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 13:51 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 13:51 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 13:51 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 13:51 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 13:51 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 13:51 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 13:51 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 13:51 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 13:50 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 13:50 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 13:50 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 13:50 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 13:50 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 13:50 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 13:50 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 13:50 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 13:50 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 13:50 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 13:50 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 13:50 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 13:50 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 13:50 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 13:50 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 13:50 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 13:50 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 13:50 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 13:50 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 13:50 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 13:50 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 13:50 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 13:50 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 13:50 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 13:50 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 09:40 - 2019-01-08 09:40 - 000000000 ____D C:\Users\Celia\Desktop\CPR PERSOnal
2019-01-08 07:34 - 2019-01-08 07:34 - 000036864 _____ C:\Users\Celia\Documents\RE Three.msg
2019-01-03 12:48 - 2019-01-26 20:09 - 000000000 ____D C:\Users\Celia\AppData\LocalLow\Mozilla
2019-01-03 12:48 - 2019-01-03 12:48 - 000000000 ____D C:\Users\Celia\AppData\Roaming\Mozilla
2019-01-03 12:47 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-03 12:47 - 2019-01-10 20:54 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-03 12:47 - 2019-01-03 12:55 - 000000000 ____D C:\Users\Celia\AppData\Local\Mozilla
2019-01-03 12:47 - 2019-01-03 12:47 - 000001214 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-01-03 12:46 - 2019-01-12 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-03 12:45 - 2019-01-03 12:45 - 000320032 _____ (Mozilla) C:\Users\Celia\Downloads\Firefox Installer.exe
2019-01-03 12:05 - 2019-01-03 12:05 - 000000000 ___HD C:\OneDriveTemp
2019-01-03 12:01 - 2019-01-12 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-03 09:50 - 2019-01-03 09:50 - 000044032 _____ C:\Users\Celia\Documents\RE I now know the basics of SW's $$ problems.msg
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-26 20:23 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-26 20:11 - 2018-09-16 00:12 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA86B362-154B-4F96-85C3-A16B4BCEDBB9}
2019-01-26 20:07 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-26 20:05 - 2018-06-07 20:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-26 20:04 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-26 20:03 - 2018-04-12 19:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-26 20:03 - 2017-09-29 08:46 - 000000184 _____ C:\WINDOWS\win.ini
2019-01-26 19:32 - 2018-06-07 20:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-26 18:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 18:33 - 2018-11-27 19:45 - 000000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
2019-01-26 17:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-26 17:12 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-25 22:25 - 2018-06-07 20:49 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-763389062-386558237-392076011-1001
2019-01-25 22:25 - 2018-04-12 18:53 - 000000000 ___RD C:\Users\Celia\OneDrive
2019-01-25 22:24 - 2018-06-07 20:37 - 000002361 _____ C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-24 12:23 - 2018-04-12 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-18 12:16 - 2018-11-16 01:21 - 000000000 ____D C:\Program Files\rempl
2019-01-18 11:00 - 2018-04-13 16:44 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-12 09:51 - 2018-06-07 20:37 - 000000000 ____D C:\Users\Celia
2019-01-11 05:38 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-08 19:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-08 14:06 - 2018-04-12 19:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 14:03 - 2018-04-12 19:22 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-08 14:02 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-04 12:06 - 2018-09-16 13:04 - 000000000 ____D C:\Users\Celia\Desktop\SCHOOL
2019-01-02 14:41 - 2018-07-10 19:10 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 14:41 - 2018-07-10 19:10 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-01 15:43 - 2018-06-07 20:46 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 20:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by Celia (26-01-2019 20:24:58)
Running from C:\Users\Celia\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-08 01:51:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-763389062-386558237-392076011-500 - Administrator - Disabled)
Celia (S-1-5-21-763389062-386558237-392076011-1001 - Administrator - Enabled) => C:\Users\Celia
DefaultAccount (S-1-5-21-763389062-386558237-392076011-503 - Limited - Disabled)
Guest (S-1-5-21-763389062-386558237-392076011-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763389062-386558237-392076011-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ASUS USB-AC53 Nano USB Wireless adapter Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.0.1.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-763389062-386558237-392076011-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 64.0.2 (x86 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1459E270-D8CA-4714-A735-391619A2ED89} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {26F55F1D-08EE-4CFB-849B-3163309833EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {29B88F5E-079A-4545-8F33-1D5AEE41BA9E} - System32\Tasks\UpdatePrt => C:\Users\Celia\AppData\Roaming\AppMaster\AppMaster.exe
Task: {389B5E0B-34B1-4F20-BF20-0941F734D293} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {3A5FBAE4-6C65-4C31-8B62-FF7CB47C3BC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {44123528-2EDE-4403-A2F3-4166D0E3FFCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {50D00740-4BF1-4D31-9324-399F3D535B79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
Task: {64E39E52-1D05-4396-B63B-371E50CF09A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6B74A25D-87B2-42A9-A760-4B0BA002F37A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {736E7AF9-97B2-46CE-BF4E-4FD58436E063} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {7673DB89-B349-4084-A56A-7B242F658E60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
Task: {C8093C67-8B55-407D-86F6-47D335BF82CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {C97561B4-AD4E-4DEF-BF4B-BDF57B1FD94C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-18] (Microsoft Corporation)
Task: {E0F46E34-DEAB-4BE2-8463-0E1E3D1EFA3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2019-01-07] (Microsoft Corporation)
Task: {F68F8DA7-9243-4AF3-9451-B331722CD8DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-05] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 18:49 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 05:38 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-08 13:50 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-22 22:15 - 2019-01-22 22:16 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-24 06:51 - 2018-10-24 06:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 22:15 - 2019-01-22 22:15 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-22 22:15 - 2019-01-22 22:16 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-11 03:10 - 2018-07-11 03:10 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-13 18:53 - 2018-11-01 01:55 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-11-13 18:53 - 2018-11-01 01:56 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-13 04:23 - 2018-06-08 04:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-763389062-386558237-392076011-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763389062-386558237-392076011-1001\...\StartupApproved\Run: => "AppMaster"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{025D8BB5-8CA9-445D-80C9-AD0D7EE2C438}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{EB991D3D-38AF-42C0-AD18-37F8DF0E21AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{48B6A69F-EF00-4B69-A498-33F116687955}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{711AD2D8-49EE-4C47-BDD8-EE7A048896CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{9CED148B-9264-490C-AA72-EE49FA7309D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{234582A9-2AA5-4AA1-B1FB-21C03FDDFA6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{57E154C8-75BC-467B-B91F-217D6B68744B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{57FE4707-D4C3-4401-A160-346355173AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
==================== Restore Points =========================
08-01-2019 13:48:36 Windows Update
17-01-2019 01:50:56 Scheduled Checkpoint
26-01-2019 06:12:34 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2019 05:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: windows.storage.dll, version: 10.0.17134.471, time stamp: 0x4d1c0608
Exception code: 0xc0000005
Fault offset: 0x0000000000035b86
Faulting process id: 0x598
Faulting application start time: 0x01d4b5c42b2219bc
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: 21bab371-95de-4d17-b129-63867daaca7e
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1
Error: (01/26/2019 03:14:37 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
Error: (01/26/2019 03:02:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2d44
Start Time: 01d4b5b1a18a535b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 778c6a01-cb6d-4cbc-a292-58c0244f653c
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Error: (01/26/2019 01:54:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 28d0
Start Time: 01d4b59eb09a5405
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Report Id: cae83664-2b32-45bd-95c4-34cd95dd165c
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (01/26/2019 01:49:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
System errors:
=============
Error: (01/26/2019 08:08:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2019 08:05:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Stereo Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (01/26/2019 06:43:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:16:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:11:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:03:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WSWNA3100 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/26/2019 06:00:09 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNA3100 N300 Wireless USB Adapter, {78E5B174-F681-48D4-8156-94B3D6C00334}, had event 76
Error: (01/26/2019 05:45:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-01-03 21:00:52.551
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D134B7FD-EE1D-45C0-92B4-F52D7C5E737A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-03 20:47:26.088
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8BA1C1A4-DA2B-4602-A1B4-1AA76F9A518A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 92%
Total physical RAM: 2038.92 MB
Available physical RAM: 154.29 MB
Total Virtual: 4086.92 MB
Available Virtual: 1283.63 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:877.39 GB) NTFS
\\?\Volume{77e3ed41-0000-0000-0000-800200000000}\ (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2019-01-26 20:48:44
-----------------------------
20:48:44.670 OS Version: Windows x64 6.2.9200
20:48:44.670 Number of processors: 8 586 0x1A05
20:48:44.670 ComputerName: DESKTOP-6U06PFH UserName: Celia
20:49:00.224 Initialze error C000010E - driver not loaded
20:51:25.513 AVAST engine defs: 17030301
20:52:13.224 The log file has been saved successfully to "C:\Users\Celia\Desktop\aswMBR.txt"