
Solved Root Kit Removal

Discussion in 'Virus & Other Malware Removal' started by HelpMe510, Sep 17, 2019.

Thread Status:
Not open for further replies.
  1. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    For rootkits that are installed on my computer, is it best to reset my computer being that rootkits are so hard to detect?
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    678
    Hi HelpMe510, welcome to the Bleeping Computer malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you don't respond to your topic in 5 days, it will be closed.
      • If your topic is closed and you still need assistance, send me or any Moderator a Personal Message with a link to your topic.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------

    We can try to clean your computer without having to reformat/reinstall the OS. Please do the following:

    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
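A first triage pass over the FRST.txt that the steps above produce, as an added example that is not part of the original posts and not part of FRST itself. It collects the lines FRST marks with `[File not signed]` or `<==== ATTENTION`, collapses repeats, and shows which flagged files appear in more than one section. The line layout is assumed from the log posted in this thread; the sample log, vendor names and paths are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample in the FRST.txt layout seen in this thread (not real output).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Example Vendor -> Example Vendor) C:\Program Files\Example\agent.exe
(Example Tools Ltd.) [File not signed] C:\Program Files\Example\helper.exe
(Example Tools Ltd.) [File not signed] C:\Program Files\Example\helper.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [ExampleRefresh] => C:\Program Files\Example\helper.exe [117760 2019-04-22] (Example Tools Ltd.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example Updater => C:\Users\user\AppData\Local\Example\updater.exe [7417512 2019-08-27] (Example Labs Inc. -> Example Labs, Inc) <==== ATTENTION
"""

# "==== Name ====" section banners; bare "=====" underlines do not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# First drive-letter path on the line that ends in a common binary/shortcut extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]<>|"*?]+?\.(?:exe|dll|sys|job|lnk)\b', re.IGNORECASE)
# Markers exactly as they appear in the posted log.
MARKERS = (("unsigned", "[File not signed]"), ("attention", "<==== ATTENTION"))


def triage_frst(text):
    """Return one record per distinct flagged entry, in log order."""
    findings = OrderedDict()
    section = "(no section)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        flags = tuple(name for name, marker in MARKERS if marker in line)
        if not flags:
            continue
        path = PATH_RE.search(line)
        # Entries without a file path (e.g. a policy key) keep their own text as the target.
        target = path.group(0) if path else line.split("<====")[0].strip()
        key = (section, target.lower(), flags)
        if key in findings:
            findings[key]["count"] += 1  # same entry repeated, e.g. several processes
        else:
            findings[key] = {"section": section, "target": target,
                             "flags": flags, "count": 1, "line": line}
    return list(findings.values())


def sections_per_target(findings):
    """Map each flagged target (lower-cased) to the sections it was flagged in."""
    seen = OrderedDict()
    for item in findings:
        sections = seen.setdefault(item["target"].lower(), [])
        if item["section"] not in sections:
            sections.append(item["section"])
    return seen


if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for item in results:
        print("{section:32} {flags} x{count}  {target}".format(**item))
    for target, sections in sections_per_target(results).items():
        if len(sections) > 1:
            print("flagged in several sections:", target, sections)
```

A marker is a prompt to review the entry, not a verdict. A file flagged both as a running process and under a Run key or scheduled task is the first thing to check.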
  3. HelpMe510

    HelpMe510 Thread Starter

    Ok, will do. Should I back up my data with my wifi turned off? Or does it matter?

     
  4. iMacg3

    iMacg3 Malware Specialist

    Hi HelpMe510,

    Depending on the infection it may be necessary to disconnect the computer from the Internet. You can disconnect the PC from the Internet while backing up your data.
     
  5. HelpMe510

    HelpMe510 Thread Starter

    Ok, I will have this process completed by the end of the weekend.

     
  6. HelpMe510

    HelpMe510 Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019 01
    Ran by thera (administrator) on LAPTOP-ETIDKGD4 (Acer Aspire E5-576) (21-09-2019 16:46:44)
    Running from C:\Users\thera\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
    Loaded Profiles: thera (Available Profiles: thera)
    Platform: Windows 10 Home Version 1803 17134.1006 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVAST Software s.r.o. -> ) C:\Program Files\AVAST Software\Avast\AvastNM.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnNM.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
    (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Avid Link\Avid Link.exe
    (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe
    (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\Hub.exe
    (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
    (Avid Technology, Inc.) [File not signed] C:\Program Files\Avid\Pro Tools\MMERefresh.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
    (Intel(R) CN -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHeciSvc.exe
    (Lespeed Technology Ltd. -> WiseCleaner.com) C:\Program Files\Wise\Wise Anti Malware\WiseAntiTray.exe
    (Lespeed Technology Ltd. -> WiseCleaner.com) C:\Program Files\Wise\Wise Anti Malware\WiseMalService.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\thera\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\FileCoAuth.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\thera\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (SweetLabs Inc. -> SweetLabs, Inc) C:\Users\thera\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\QtWebEngineProcess.exe
    (Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
    (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
    (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2019-04-22] (Avid Technology, Inc.) [File not signed]
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\Run: [AvastBrowserAutoLaunch_213B4C661DB3A807F5BBDBDA61435E90] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\RunOnce: [Application Restart #3] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-19] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\76.0.1632.101\Installer\chrmstp.exe [2019-09-07] (AVAST Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-08-11]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Link.lnk [2019-04-23]
    ShortcutTarget: Avid Link.lnk -> C:\Program Files\Avid\Avid Link\Avid Link.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0DCEDA9C-3C50-463E-94F8-D1F35F60EDE3} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2768176 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    Task: {198E90BE-1371-4E7A-82CA-655822FC73AC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    Task: {2DACD31B-BE06-493F-905E-F3DF80965036} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine VPN\VpnUpdate.exe [1380232 2019-08-12] (AVAST Software s.r.o. -> AVAST Software)
    Task: {2FB10F7C-213F-4851-B805-4D8F3B18549D} - System32\Tasks\GoogleUpdateTaskMachineUA1d545c9b7013a17 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-28] (Google Inc -> Google LLC)
    Task: {31574738-1FD7-46BA-88E1-85671458DF29} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-08-11] (AVAST Software s.r.o. -> AVAST Software)
    Task: {3388EADA-63C1-4BBC-982D-83A56E62E3C2} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
    Task: {365BB285-EBA7-4731-AE10-4BEF1578CAB4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
    Task: {4E53D66C-E184-4C3F-A1C3-26EB0A0BCB7D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-08-11] (AVAST Software s.r.o. -> AVAST Software)
    Task: {5394BF42-5B65-47D8-881A-2485971646DF} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-10-30] (Acer Incorporated -> )
    Task: {6490DB85-B644-42F1-8814-B4D7DD97072B} - System32\Tasks\Opera scheduled Autoupdate 1565638208 => C:\Users\thera\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-10] (Opera Software AS -> Opera Software)
    Task: {66134EC4-8EF1-4898-9439-CCA6A3748F11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-28] (Google Inc -> Google LLC)
    Task: {66267A0C-9DE4-43DC-9128-71BEB73099A5} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
    Task: {68F079EC-ACA7-480E-8534-3E694790E649} - System32\Tasks\Reason Antivirus UI => C:\Program Files\Reason\Reason Antivirus\ReasonAV.exe
    Task: {6C74D652-67A5-4B11-ACF3-53DA8C84A3F1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    Task: {73A44546-3846-4A83-A3FD-B431D4AC6C01} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
    Task: {96A7E7DF-2BE4-4DBC-9F5E-0711635D2C0E} - System32\Tasks\Norton Security Scan for thera => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe [848912 2019-02-15] (Symantec Corporation -> Symantec Corporation)
    Task: {A852EB45-8F7D-4275-B565-291233A28770} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-10-30] (Acer Incorporated -> )
    Task: {B2552E61-E1D6-4F22-AF87-8A562BCF169F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
    Task: {BC34D574-FDB7-41A3-A488-F17DD859D51F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {BE5F365E-F77C-40CD-9BB0-C8A5760C4234} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {C5D44542-AC30-4C8A-A19D-1CA474890B74} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {DFC89A8C-1BC5-4F89-9CC8-C6D1DCDACA12} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    Task: {E23F18ED-13B3-4FE2-B7F6-92400C8AB725} - System32\Tasks\App Explorer => C:\Users\thera\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7417512 2019-08-27] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
    Task: {F350A820-60B3-4E3C-87BE-DB4435EF992D} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-10-30] (Acer Incorporated -> )
    Task: {F38D93FE-50B5-400C-B8AF-A1894EB6E4D1} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850000 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
    Task: {F463BDA6-BCDE-42B0-92C7-9332704C9A9D} - System32\Tasks\Wise Anti Malware Tray => C:\Program Files\Wise\Wise Anti Malware\WiseAntiTray.exe [2687656 2018-11-26] (Lespeed Technology Ltd. -> WiseCleaner.com)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\Wise Anti Malware Tray.job => C:\Program Files\Wise\Wise Anti Malware\WiseAntiTray.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Hosts: 212.103.49.66 us-west-027.whiskergalaxy.com #added by Windscribe, do not modify.
    Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
    Tcpip\..\Interfaces\{756E724F-E1E5-4BCB-8B5D-3A81E3692567}: [NameServer] 10.255.255.2
    Tcpip\..\Interfaces\{A0904879-BCF0-4720-ADED-BE310EAE1204}: [NameServer] 10.255.255.2
    Tcpip\..\Interfaces\{a143059e-e8b4-4c19-a679-9a5d06e5b7e2}: [DhcpNameServer] 40.33.1.66
    Tcpip\..\Interfaces\{f8aead43-8de4-4228-bbb5-cb597049d42b}: [DhcpNameServer] 172.16.0.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
    SearchScopes: HKU\S-1-5-21-1209155800-3557976415-291662890-1001 -> DefaultScope {6CB17CAE-7523-44C8-A721-3FAD0F43CC06} URL =
    SearchScopes: HKU\S-1-5-21-1209155800-3557976415-291662890-1001 -> {6CB17CAE-7523-44C8-A721-3FAD0F43CC06} URL =
    Toolbar: HKLM-x32 - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2019-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
    Edge:
    ======
    DownloadDir: C:\Users\thera\Downloads
    FireFox:
    ========
    FF DefaultProfile: hfcgzum0.default
    FF ProfilePath: C:\Users\thera\AppData\Roaming\Mozilla\Firefox\Profiles\hfcgzum0.default [2019-09-21]
    FF NetworkProxy: Mozilla\Firefox\Profiles\hfcgzum0.default -> no_proxies_on", "hxxps://localhost"
    FF Extension: (Amazon Assistant for Firefox) - C:\Users\thera\AppData\Roaming\Mozilla\Firefox\Profiles\hfcgzum0.default\Extensions\[email protected] [2019-08-24] [UpdateUrl:hxxps://s3-us-west-2.amazonaws.com/ubp-ubpextension-us-prod/vendor-update/firefox/acer1/updates.json]
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\thera\AppData\Roaming\Mozilla\Firefox\Profiles\hfcgzum0.default\Extensions\[email protected] [2019-08-24]
    FF Extension: (Avast Online Security) - C:\Users\thera\AppData\Roaming\Mozilla\Firefox\Profiles\hfcgzum0.default\Extensions\[email protected] [2019-08-24]
    FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-10-12] [hxxps://s3-us-west-2.amazonaws.com/ubp-ubpextension-us-prod/vendor-update/firefox/acer1/updates.json]
    FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-10-12] [Legacy]
    FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2018-10-12] [Legacy]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-28] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-28] (Google Inc -> Google LLC)
    Chrome:
    =======
    CHR Profile: C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default [2019-09-20]
    CHR Extension: (Slides) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-28]
    CHR Extension: (Docs) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-28]
    CHR Extension: (Google Drive) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-28]
    CHR Extension: (YouTube) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-28]
    CHR Extension: (Sheets) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-28]
    CHR Extension: (Google Docs Offline) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-28]
    CHR Extension: (Trend Micro Toolbar) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2019-07-28]
    CHR Extension: (Gmail) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-28]
    CHR Extension: (Chrome Media Router) - C:\Users\thera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414728 2017-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-08-11] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416576 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-08-11] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\76.0.1632.101\elevation_service.exe [976608 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
    R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R2 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2299208 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.)
    R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [7067464 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.)
    R2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2019-04-22] (Avid Technology, Inc.) [File not signed]
    S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2019-04-22] (Avid Technology, Inc.) [File not signed]
    R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [806144 2018-11-08] (ICEpower a/s -> ICEpower)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2018-01-11] (Intel(R) CN -> Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-10-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [97080 2019-08-12] (ProtonVPN AG -> )
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2842264 2019-08-22] (Trend Micro, Inc. -> Trend Micro Inc.)
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7449992 2019-08-07] (AVAST Software s.r.o. -> AVAST Software)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
    R2 WiseAntiMalwareService; C:\Program Files\Wise\Wise Anti Malware\WiseMalService.exe [187048 2018-11-26] (Lespeed Technology Ltd. -> WiseCleaner.com)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 526234C2; C:\WINDOWS\system32\drivers\526234C2.sys [255928 2019-09-17] (Malwarebytes Corporation -> Malwarebytes)
    R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [29912 2019-05-17] (Acer Incorporated -> Acer Incorporated)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209552 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263008 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169408 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [478096 2019-08-27] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387176 2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R3 iLokDrvr; C:\WINDOWS\System32\drivers\iLokDrvr.sys [33544 2019-04-23] (PACE Anti-Piracy, Inc. -> )
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [22320 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [192952 2019-09-17] (Malwarebytes Corporation -> Malwarebytes)
    S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-07-01] (Microsoft Windows Hardware Compatibility Publisher -> )
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2360048 2018-08-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [16688 2017-10-30] (Acer Incorporated -> Acer Incorporated)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-17] (Realtek Semiconductor Corp. -> Realtek )
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57432 2016-09-04] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2019-07-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-09-11] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-09-11] (Microsoft Windows -> Microsoft Corporation)
    R2 WiseAntiProcess; C:\WINDOWS\System32\DRIVERS\WiseAntiMalWareProcessMonitor.sys [39448 2018-02-06] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
    R2 WiseAntiReg; C:\WINDOWS\System32\DRIVERS\WiseAntiMalWareRegMonitor.sys [51232 2018-01-29] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
    U1 aswbdisk; no ImagePath
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-09-21 16:41 - 2019-09-21 16:46 - 000000000 ____D C:\FRST
    2019-09-21 16:33 - 2019-09-21 16:33 - 000000000 ___HD C:\OneDriveTemp
    2019-09-21 16:20 - 2019-09-21 16:20 - 000001060 _____ C:\Users\thera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Summer_Walker_-_Last_Day_Of_Summer_ALBUM_2019.lnk
    2019-09-21 16:20 - 2019-09-21 16:20 - 000000000 ____D C:\Users\thera\Downloads\Summer Walker - CLEAR (2019)
    2019-09-19 17:52 - 2019-09-19 17:52 - 016899544 _____ (Windscribe Limited ) C:\Users\thera\Downloads\Windscribe (1).exe
    2019-09-19 17:50 - 2019-09-19 17:50 - 000001144 _____ C:\Users\Public\Desktop\Windscribe.lnk
    2019-09-19 17:50 - 2019-09-19 17:50 - 000000000 ____D C:\Users\thera\AppData\Local\Windscribe
    2019-09-19 17:50 - 2019-09-19 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
    2019-09-19 17:49 - 2019-09-20 13:59 - 000000000 ____D C:\Program Files (x86)\Windscribe
    2019-09-19 17:49 - 2018-07-06 17:22 - 000054896 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapwindscribe0901.sys
    2019-09-19 17:48 - 2019-09-19 17:49 - 016899544 _____ (Windscribe Limited ) C:\Users\thera\Downloads\Windscribe.exe
    2019-09-18 14:48 - 2019-09-18 14:48 - 000000022 _____ C:\Users\thera\Downloads\MEGA-RECOVERYKEY (1).txt
    2019-09-17 22:18 - 2019-09-17 22:25 - 001151376 _____ C:\TDSSKiller.3.1.0.28_17.09.2019_22.18.30_log.txt
    2019-09-17 21:32 - 2019-09-17 21:32 - 000000000 ____D C:\ProgramData\ProtonVPN
    2019-09-17 21:31 - 2019-09-20 14:03 - 000000000 ____D C:\Users\thera\AppData\Local\ProtonVPN
    2019-09-17 21:31 - 2019-09-17 21:31 - 000001234 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
    2019-09-17 21:30 - 2019-09-17 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
    2019-09-17 21:30 - 2019-09-17 21:30 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
    2019-09-17 21:22 - 2019-09-17 21:22 - 000006343 _____ C:\Users\thera\OneDrive\Documents\ip addresses.txt
    2019-09-17 21:17 - 2019-09-17 22:14 - 000296976 _____ C:\TDSSKiller.3.1.0.28_17.09.2019_21.17.33_log.txt
    2019-09-17 15:27 - 2019-09-17 15:27 - 000005953 _____ C:\Users\thera\OneDrive\Documents\host info.txt
    2019-09-17 14:40 - 2019-09-17 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti Hacker
    2019-09-17 14:40 - 2019-09-17 14:40 - 000000000 ____D C:\Program Files (x86)\Anti Hacker
    2019-09-17 14:13 - 2019-09-17 14:14 - 019275792 _____ (Bitdefender LLC) C:\Users\thera\Downloads\BR.exe
    2019-09-17 14:02 - 2019-09-17 14:02 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\526234C2.sys
    2019-09-16 22:07 - 2019-09-16 22:08 - 000000227 _____ C:\Users\thera\OneDrive\Documents\Unauthcodegmail.com
    2019-09-15 13:34 - 2019-09-15 13:34 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\33162704.sys
    2019-09-14 19:55 - 2019-09-14 20:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\34514330.sys
    2019-09-14 19:52 - 2019-09-17 14:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2019-09-14 19:52 - 2019-09-17 14:00 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2019-09-14 19:50 - 2019-09-14 19:51 - 000150154 _____ C:\TDSSKiller.3.1.0.28_14.09.2019_19.50.25_log.txt
    2019-09-11 17:14 - 2019-09-04 03:16 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-09-11 17:14 - 2019-09-04 03:16 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-09-11 17:14 - 2019-09-04 03:16 - 000810808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-09-11 17:14 - 2019-09-04 03:16 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-09-11 17:14 - 2019-09-04 03:16 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-09-11 17:14 - 2019-09-04 03:15 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-09-11 17:14 - 2019-09-04 03:15 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-09-11 17:14 - 2019-09-04 03:15 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-09-11 17:14 - 2019-09-04 03:15 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-09-11 17:14 - 2019-09-04 03:06 - 000581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-09-11 17:14 - 2019-09-04 03:06 - 000541200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-09-11 17:14 - 2019-09-04 03:06 - 000402016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
    2019-09-11 17:14 - 2019-09-04 03:01 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-09-11 17:14 - 2019-09-04 03:01 - 001516632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-09-11 17:14 - 2019-09-04 03:01 - 000790936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-09-11 17:14 - 2019-09-04 03:01 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2019-09-11 17:14 - 2019-09-04 03:00 - 021399576 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-09-11 17:14 - 2019-09-04 03:00 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-09-11 17:14 - 2019-09-04 03:00 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-09-11 17:14 - 2019-09-04 02:46 - 012838400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-09-11 17:14 - 2019-09-04 02:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-09-11 17:14 - 2019-09-04 02:43 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-09-11 17:14 - 2019-09-04 02:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
    2019-09-11 17:14 - 2019-09-04 02:41 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2019-09-11 17:14 - 2019-09-04 02:40 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-09-11 17:14 - 2019-09-04 02:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-09-11 17:14 - 2019-09-04 02:40 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2019-09-11 17:14 - 2019-09-04 02:40 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-09-11 17:14 - 2019-09-04 02:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2019-09-11 17:14 - 2019-09-04 01:52 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-09-11 17:14 - 2019-09-04 01:52 - 000467400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2019-09-11 17:14 - 2019-09-04 01:51 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2019-09-11 17:14 - 2019-09-04 01:51 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2019-09-11 17:14 - 2019-09-04 01:50 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2019-09-11 17:14 - 2019-09-04 01:50 - 000356896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
    2019-09-11 17:14 - 2019-09-04 01:48 - 020393120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-09-11 17:14 - 2019-09-04 01:38 - 012039680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-09-11 17:14 - 2019-09-04 01:38 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2019-09-11 17:14 - 2019-09-04 01:35 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2019-09-11 17:14 - 2019-09-04 01:33 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-09-11 17:14 - 2019-09-03 22:25 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2019-09-11 17:14 - 2019-09-03 22:25 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2019-09-11 17:14 - 2019-09-03 22:24 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2019-09-11 17:14 - 2019-09-03 22:24 - 001298960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2019-09-11 17:14 - 2019-09-03 22:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-09-11 17:14 - 2019-09-03 22:19 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-09-11 17:14 - 2019-09-03 22:19 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-09-11 17:14 - 2019-09-03 22:19 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-09-11 17:14 - 2019-09-03 22:17 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2019-09-11 17:14 - 2019-09-03 22:17 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-09-11 17:14 - 2019-09-03 22:15 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-09-11 17:14 - 2019-09-03 22:15 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-09-11 17:14 - 2019-09-03 22:15 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-09-11 17:14 - 2019-09-03 22:15 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-09-11 17:14 - 2019-09-03 22:15 - 000500744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2019-09-11 17:14 - 2019-09-03 22:15 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-09-11 17:14 - 2019-09-03 22:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 007437592 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 002469920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-09-11 17:14 - 2019-09-03 22:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
    2019-09-11 17:14 - 2019-09-03 22:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 009084424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-09-11 17:14 - 2019-09-03 22:13 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 004405232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 002773816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 002571848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-09-11 17:14 - 2019-09-03 22:13 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-09-11 17:14 - 2019-09-03 22:13 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-09-11 17:14 - 2019-09-03 22:13 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-09-11 17:14 - 2019-09-03 22:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000692352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-09-11 17:14 - 2019-09-03 22:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-09-11 17:14 - 2019-09-03 22:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-09-11 17:14 - 2019-09-03 22:10 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2019-09-11 17:14 - 2019-09-03 22:05 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2019-09-11 17:14 - 2019-09-03 22:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 006046096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 002331696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 002261448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 001993136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 001980264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 000581264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-09-11 17:14 - 2019-09-03 22:03 - 000538192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2019-09-11 17:14 - 2019-09-03 22:02 - 006568280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-09-11 17:14 - 2019-09-03 22:02 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-09-11 17:14 - 2019-09-03 22:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-09-11 17:14 - 2019-09-03 22:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-09-11 17:14 - 2019-09-03 22:02 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-09-11 17:14 - 2019-09-03 21:55 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-09-11 17:14 - 2019-09-03 21:54 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-09-11 17:14 - 2019-09-03 21:48 - 019385344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-09-11 17:14 - 2019-09-03 21:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2019-09-11 17:14 - 2019-09-03 21:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2019-09-11 17:14 - 2019-09-03 21:46 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2019-09-11 17:14 - 2019-09-03 21:45 - 022734336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-09-11 17:14 - 2019-09-03 21:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2019-09-11 17:14 - 2019-09-03 21:45 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2019-09-11 17:14 - 2019-09-03 21:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2019-09-11 17:14 - 2019-09-03 21:44 - 004388864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-09-11 17:14 - 2019-09-03 21:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2019-09-11 17:14 - 2019-09-03 21:43 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 007572992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-09-11 17:14 - 2019-09-03 21:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 002373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-09-11 17:14 - 2019-09-03 21:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 002179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 001808896 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2019-09-11 17:14 - 2019-09-03 21:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 002166272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-09-11 17:14 - 2019-09-03 21:39 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-09-11 17:14 - 2019-09-03 21:39 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-09-11 17:14 - 2019-09-03 21:38 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2019-09-11 17:14 - 2019-09-03 21:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-09-11 17:14 - 2019-09-03 21:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2019-09-11 17:14 - 2019-09-03 21:38 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-09-11 17:14 - 2019-09-03 21:38 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-09-11 17:14 - 2019-08-15 15:55 - 000786072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-09-11 17:14 - 2019-08-15 15:55 - 000604000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-09-11 17:14 - 2019-08-15 02:59 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-09-11 17:14 - 2019-08-13 11:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2019-09-11 17:14 - 2019-08-13 11:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2019-09-11 17:14 - 2019-08-13 11:20 - 003701184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2019-09-11 17:14 - 2019-08-13 11:20 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2019-09-11 17:14 - 2019-08-13 11:06 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
    2019-09-11 17:14 - 2019-08-13 11:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2019-09-11 17:14 - 2019-08-13 11:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
    2019-09-11 17:14 - 2019-08-13 11:05 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2019-09-11 17:14 - 2019-08-13 08:06 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-09-11 17:14 - 2019-08-13 08:04 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2019-09-11 17:14 - 2019-08-13 08:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2019-09-11 17:14 - 2019-08-13 07:46 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-09-11 17:14 - 2019-08-13 07:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-09-11 17:14 - 2019-08-13 07:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2019-09-11 17:14 - 2019-08-13 07:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-09-11 17:14 - 2019-08-13 07:39 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2019-09-11 17:14 - 2019-08-13 03:14 - 004040008 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-09-11 17:14 - 2019-08-13 03:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2019-09-11 17:14 - 2019-08-13 03:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
    2019-09-11 17:14 - 2019-08-13 03:08 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2019-09-11 17:14 - 2019-08-13 02:51 - 004853248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2019-09-11 17:14 - 2019-08-13 02:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
    2019-09-11 17:14 - 2019-08-13 02:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
    2019-09-11 17:14 - 2019-08-13 02:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-09-11 17:14 - 2019-08-13 02:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
    2019-09-11 17:14 - 2019-08-13 02:47 - 001262080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2019-09-11 17:14 - 2019-08-13 02:46 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-09-11 17:14 - 2019-08-13 02:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2019-09-11 17:14 - 2019-08-12 23:37 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-09-11 17:14 - 2019-08-12 21:54 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2019-09-11 17:14 - 2019-08-12 21:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2019-09-11 17:14 - 2019-08-12 21:46 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-09-11 17:14 - 2019-08-12 21:46 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2019-09-11 17:14 - 2019-08-12 21:45 - 002718736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-09-11 17:14 - 2019-08-12 21:45 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-09-11 17:14 - 2019-08-12 21:45 - 000722960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2019-09-11 17:14 - 2019-08-12 21:44 - 002161288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2019-09-11 17:14 - 2019-08-12 21:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-09-11 17:14 - 2019-08-12 21:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-09-11 17:14 - 2019-08-12 21:16 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-09-11 17:14 - 2019-08-12 21:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-09-11 17:14 - 2019-08-12 21:15 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2019-09-11 17:14 - 2019-08-12 21:14 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-09-11 17:14 - 2019-08-12 21:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-09-11 17:14 - 2019-08-12 21:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
    2019-09-11 17:14 - 2019-08-12 21:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-09-11 17:14 - 2019-08-12 21:12 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2019-09-11 17:14 - 2019-08-12 21:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2019-09-11 17:14 - 2019-08-12 21:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2019-09-11 17:14 - 2019-08-12 21:08 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-09-11 17:14 - 2019-08-12 21:08 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-09-11 17:14 - 2019-08-12 19:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
    2019-09-11 17:14 - 2019-08-12 19:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-09-11 17:14 - 2019-08-12 19:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls
    2019-09-11 17:14 - 2019-08-12 17:57 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-09-11 17:14 - 2019-08-12 17:57 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-09-11 17:14 - 2019-08-12 17:57 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-09-11 17:13 - 2019-09-04 02:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-09-11 17:13 - 2019-09-03 21:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2019-09-11 17:13 - 2019-09-03 21:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
    2019-09-11 17:13 - 2019-09-03 21:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2019-09-11 17:13 - 2019-09-03 21:42 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-09-11 17:13 - 2019-09-03 21:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2019-09-11 17:13 - 2019-09-03 21:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2019-09-11 17:13 - 2019-09-03 21:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2019-09-11 17:13 - 2019-09-03 21:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2019-09-11 17:13 - 2019-09-03 20:22 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-09-11 17:13 - 2019-08-13 07:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
    2019-09-11 17:13 - 2019-08-13 07:43 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-09-11 17:13 - 2019-08-13 07:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
    2019-09-11 17:13 - 2019-08-13 07:42 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2019-09-11 17:13 - 2019-08-12 21:12 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2019-09-11 17:13 - 2019-08-12 21:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
    2019-09-11 17:13 - 2019-08-12 21:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
    2019-09-11 17:13 - 2019-08-12 21:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-09-11 17:13 - 2019-08-12 21:08 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2019-09-11 17:13 - 2019-08-12 17:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2019-09-10 17:01 - 2019-09-10 17:01 - 002024850 _____ C:\Users\thera\OneDrive\Documents\103-Disempowering-Beliefs-about-Money-and-Success-eBook-AF.pdf
    2019-09-10 16:59 - 2019-09-10 16:59 - 001086162 _____ C:\Users\thera\OneDrive\Documents\Financial-Succes-Tapping-Webinar-Workbook.pdf
    2019-09-10 16:58 - 2019-09-10 16:58 - 000001460 _____ C:\Users\thera\Downloads\seminar.ics
    2019-09-09 20:34 - 2019-09-09 20:34 - 000000204 _____ C:\Users\thera\OneDrive\Documents\SuspAccountInfo.txt
    2019-09-09 18:27 - 2019-09-09 18:27 - 004311587 _____ C:\Users\thera\Downloads\ChaChaRabiesShotCertificate.pdf
    2019-08-30 16:29 - 2019-08-30 16:29 - 001524213 _____ C:\Users\thera\OneDrive\Documents\#MantraMonday Om Mani Padme Hum – Heart Chakra Work with the Goddess Kuan Yin.pdf
    2019-08-28 18:46 - 2019-08-28 18:49 - 000000000 ___HD C:\$WINDOWS.~BT
    2019-08-27 14:41 - 2019-08-27 14:41 - 000043330 _____ C:\Users\thera\Downloads\D’Shaya Smith Resume 2019 PDF Music.pdf
    2019-08-24 15:42 - 2019-08-31 07:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-08-23 16:49 - 2019-08-23 16:49 - 000000000 ____D C:\Users\thera\Downloads\Raphael_Saadiq_-_Jimmy_Lee_ALBUM_2019
    2019-08-23 16:37 - 2019-08-23 16:44 - 095227410 _____ C:\Users\thera\Downloads\Raphael_Saadiq_-_Jimmy_Lee_ALBUM_2019.zip
    2019-08-23 16:26 - 2019-08-23 16:27 - 000000000 ____D C:\Users\thera\Downloads\Jidenna_-_85_To_Africa_ALBUM_2019
    2019-08-23 16:16 - 2019-08-23 16:22 - 099136766 _____ C:\Users\thera\Downloads\Jidenna_-_85_To_Africa_ALBUM_2019.zip
    2019-08-23 16:12 - 2019-08-23 16:12 - 000000000 ____D C:\Users\thera\Downloads\Chance_The_Rapper_-_The_Big_Day_ALBUM_2019
    2019-08-23 16:11 - 2019-08-23 16:11 - 000000000 ____D C:\Users\thera\Downloads\Tyga_-_Legendary_Deluxe_Edition_ALBUM_2019
    2019-08-23 15:30 - 2019-08-23 15:40 - 167809424 _____ C:\Users\thera\Downloads\Tyga_-_Legendary_Deluxe_Edition_ALBUM_2019.zip
    2019-08-23 15:19 - 2019-08-23 15:19 - 000000000 ____D C:\Users\thera\Downloads\Jeezy_-_TM104_The_Legend_Of_The_Snowman_ALBUM_2019
    2019-08-23 15:12 - 2019-08-23 15:18 - 144851585 _____ C:\Users\thera\Downloads\Jeezy_-_TM104_The_Legend_Of_The_Snowman_ALBUM_2019.zip
    2019-08-23 15:06 - 2019-08-23 15:06 - 000000000 ____D C:\Users\thera\Downloads\Missy_Elliott_-_ICONOLOGY_EP_2019
    2019-08-23 14:50 - 2019-08-23 14:51 - 036618603 _____ C:\Users\thera\Downloads\Missy_Elliott_-_ICONOLOGY_EP_2019.zip
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-09-21 16:51 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-09-21 16:50 - 2019-03-02 13:11 - 000000000 ____D C:\Users\thera\AppData\Local\DP_Tower_3.7
    2019-09-21 16:48 - 2019-08-12 12:30 - 000003572 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1565638208
    2019-09-21 16:48 - 2019-08-11 13:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2019-09-21 16:48 - 2019-07-28 21:54 - 000003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d545c9b7013a17
    2019-09-21 16:48 - 2019-07-28 21:54 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-09-21 16:48 - 2019-04-22 21:33 - 000004362 _____ C:\WINDOWS\System32\Tasks\Software Update Application
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003912 _____ C:\WINDOWS\System32\Tasks\ACCAgent
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003896 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for thera
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003752 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003368 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA5142EC-4A64-41C7-B008-4A8DC68DF648}
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003254 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2019-09-21 16:48 - 2019-04-22 21:33 - 000003178 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002918 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1209155800-3557976415-291662890-1001
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002880 _____ C:\WINDOWS\System32\Tasks\ACC
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002600 _____ C:\WINDOWS\System32\Tasks\Wise Anti Malware Tray
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002564 _____ C:\WINDOWS\System32\Tasks\Reason Antivirus UI
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002468 _____ C:\WINDOWS\System32\Tasks\App Explorer
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002388 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002360 _____ C:\WINDOWS\System32\Tasks\RTKCPL
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002350 _____ C:\WINDOWS\System32\Tasks\Power Button
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002296 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2019-09-21 16:48 - 2019-04-22 21:33 - 000002276 _____ C:\WINDOWS\System32\Tasks\Quick Access
    2019-09-21 16:48 - 2019-03-18 16:05 - 000000440 _____ C:\WINDOWS\Tasks\Wise Anti Malware Tray.job
    2019-09-21 16:33 - 2019-03-02 10:19 - 000000000 ___RD C:\Users\thera\OneDrive
    2019-09-21 16:32 - 2019-08-12 12:31 - 000000000 ____D C:\Users\thera\AppData\Local\CrashDumps
    2019-09-21 16:20 - 2019-03-30 13:04 - 000000000 ____D C:\Users\thera\Downloads\Summer_Walker_-_Last_Day_Of_Summer_ALBUM_2019
    2019-09-21 15:52 - 2019-08-11 14:49 - 000004302 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
    2019-09-21 15:47 - 2019-08-11 13:24 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-09-21 14:33 - 2019-03-02 10:08 - 000000000 ____D C:\Users\thera\AppData\Local\Host App Service
    2019-09-21 14:32 - 2019-08-11 13:33 - 000000000 ____D C:\Users\thera\AppData\Local\AVAST Software
    2019-09-21 14:32 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2019-09-21 14:29 - 2019-03-02 10:17 - 000000000 __SHD C:\Users\thera\IntelGraphicsProfiles
    2019-09-21 14:29 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-09-20 22:01 - 2019-04-22 21:11 - 000000000 ____D C:\Users\thera
    2019-09-20 21:53 - 2019-04-22 21:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-09-20 20:45 - 2019-04-22 21:11 - 000002412 _____ C:\Users\thera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-20 14:21 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-09-20 13:58 - 2019-04-22 21:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-09-19 18:25 - 2019-07-28 21:57 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-09-19 18:25 - 2019-07-28 21:57 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-09-18 19:06 - 2019-04-22 15:59 - 000000000 ____D C:\Users\thera\Downloads\Anderson_Paak_-_Ventura_ALBUM_2019
    2019-09-17 22:15 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-09-17 13:57 - 2019-03-02 13:10 - 000000000 ____D C:\ProgramData\TMDP_Log
    2019-09-14 19:55 - 2019-03-17 16:13 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-09-11 19:45 - 2019-03-02 13:03 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2019-09-11 19:34 - 2019-03-17 17:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-09-11 17:54 - 2019-04-22 21:22 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-09-11 17:54 - 2019-03-02 10:17 - 000000000 ___RD C:\Users\thera\3D Objects
    2019-09-11 17:54 - 2018-10-12 14:14 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-09-11 17:53 - 2019-03-02 13:11 - 000065536 _____ C:\cert8.db
    2019-09-11 17:53 - 2019-03-02 13:11 - 000016384 _____ C:\key3.db
    2019-09-11 17:47 - 2019-04-22 21:06 - 000271024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-09-11 17:43 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-09-11 17:43 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-09-11 17:43 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2019-09-11 17:43 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-09-11 17:43 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
    2019-09-11 17:42 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2019-09-11 17:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-09-11 17:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellComponents
    2019-09-11 17:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-09-11 17:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-09-11 17:29 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-09-09 15:25 - 2019-03-02 19:40 - 000000000 ____D C:\Users\thera\AppData\Local\PlaceholderTileLogoFolder
    2019-09-07 13:37 - 2019-08-11 13:37 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
    2019-09-07 13:37 - 2019-08-11 13:37 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
    2019-09-07 13:37 - 2019-08-11 13:37 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2019-09-07 13:37 - 2019-08-11 13:37 - 000002467 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
    2019-09-05 21:40 - 2017-09-29 06:46 - 000000327 _____ C:\WINDOWS\win.ini
    2019-09-05 16:53 - 2018-10-12 14:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2019-08-31 20:57 - 2018-04-11 16:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-08-31 20:57 - 2018-04-11 16:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-08-31 07:22 - 2018-10-12 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-08-30 13:43 - 2019-03-02 12:07 - 000000000 ____D C:\Program Files\rempl
    2019-08-28 22:42 - 2019-03-07 17:19 - 000000000 ____D C:\Users\thera\AppData\LocalLow\Mozilla
    2019-08-28 18:49 - 2019-04-03 15:20 - 000000000 ___DC C:\WINDOWS\Panther
    2019-08-27 13:46 - 2019-08-11 13:24 - 000478096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    ==================== Files in the root of some directories ================
    2019-04-23 17:40 - 2019-04-23 17:42 - 003431664 _____ () C:\Users\thera\AppData\Roaming\AvidLink_Install.log
    2019-04-22 18:38 - 2019-04-23 00:01 - 000001092 _____ () C:\Users\thera\AppData\Roaming\Avid_CCS_Service_Stop.log
    2019-04-23 14:32 - 2019-04-23 14:32 - 000363400 _____ () C:\Users\thera\AppData\Roaming\CodecsPE_Install.log
    2019-04-23 14:33 - 2019-04-23 14:34 - 000322538 _____ () C:\Users\thera\AppData\Roaming\DXDriver_Install.log
    2019-03-18 17:16 - 2019-03-18 17:16 - 000019262 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-145.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000034710 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-258.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000007772 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-286.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000010406 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-300.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000122682 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-366.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000011730 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-404.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000004670 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-493.reg
    2019-03-18 17:16 - 2019-03-18 17:16 - 000003500 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-18 17-16-33-516.reg
    2019-03-22 14:56 - 2019-03-22 14:56 - 000001418 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-22 14-56-59-842.reg
    2019-03-22 14:56 - 2019-03-22 14:56 - 000017860 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-22 14-56-59-924.reg
    2019-03-22 14:56 - 2019-03-22 14:56 - 000000516 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-22 14-56-59-945.reg
    2019-03-22 14:57 - 2019-03-22 14:57 - 000003870 _____ () C:\Users\thera\AppData\Roaming\RegBackupLAPTOP-ETIDKGD4 2019-3-22 14-57-0-21.reg
    2019-03-02 12:58 - 2019-03-02 12:58 - 000000036 _____ () C:\Users\thera\AppData\Local\housecall.guid.cache
    2019-03-02 16:40 - 2019-08-11 13:42 - 000000010 _____ () C:\Users\thera\AppData\Local\sponge.last.runtime.cache
    ==================== SigCheck ===============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ============================

  7. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
    Ran by thera (21-09-2019 16:54:44)
    Running from C:\Users\thera\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
    Windows 10 Home Version 1803 17134.1006 (X64) (2019-04-23 04:39:04)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1209155800-3557976415-291662890-500 - Administrator - Disabled)
    B1555C52DC994250B707 (S-1-5-21-1209155800-3557976415-291662890-1004 - Limited - Enabled)
    D408D3E9D49841EC8D03 (S-1-5-21-1209155800-3557976415-291662890-1005 - Limited - Enabled)
    DefaultAccount (S-1-5-21-1209155800-3557976415-291662890-503 - Limited - Disabled)
    Guest (S-1-5-21-1209155800-3557976415-291662890-501 - Limited - Disabled)
    thera (S-1-5-21-1209155800-3557976415-291662890-1001 - Administrator - Enabled) => C:\Users\thera
    WDAGUtilityAccount (S-1-5-21-1209155800-3557976415-291662890-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3034 - Acer Incorporated)
    Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
    Acer Jumpstart (HKLM-x32\...\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}) (Version: 3.2.18270.20 - Acer)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3018 - Acer Incorporated)
    AIR Xpand!2 (HKLM\...\{69A89482-FEC4-4E34-97F9-46BB287D0953}) (Version: 18.3.0.1447 - AIR Music Technology)
    Anti Hacker 1.0 (HKLM-x32\...\Anti Hacker_is1) (Version: - )
    App Explorer (HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\Host App Service) (Version: 0.273.3.622 - SweetLabs) <==== ATTENTION
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.7.2388 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 76.0.1632.101 - AVAST Software)
    Avast SecureLine VPN (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.5.515 - AVAST Software)
    Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
    Avid Cloud Client Services (HKLM\...\{66E7D4F4-F044-428D-A734-59138A626A52}) (Version: 2.4.0.15 - Avid Technology, Inc.)
    Avid Codecs LE (HKLM-x32\...\{C8867EDE-69E9-422C-9E88-80CF5B897C4F}) (Version: 2.7.3.39175 - Avid Technology)
    Avid Codecs PE (HKLM-x32\...\{73D09A90-CE0C-479C-B510-307DB45B375B}) (Version: 2.7.3.39175 - Avid Technology)
    Avid DX 64 Bit Driver (HKLM\...\{1ACA1BEC-AA10-47DC-AAEF-3273A48F9CA3}) (Version: 8.9.1.46770 - Avid Technology)
    Avid Effects (HKLM\...\{F53B2C5A-9739-425A-B74C-E8D94DF2EFB5}) (Version: 18.12.0.307 - Avid Technology, Inc.)
    Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 18.12.0.307 - Avid Technology, Inc.)
    Avid Link (HKLM\...\{852D24C6-60A0-4822-B05D-A005A6CD2F87}) (Version: 19.3.0.406 - Avid Technology, Inc.)
    Avid Loopmasters Sample Pack (HKLM\...\{52C93C08-8B5F-4B1D-814D-E84C89E50DB7}) (Version: 1.0.0.11 - Avid Technology, Inc.)
    Avid Pro Tools (HKLM\...\{A84B97D8-25B4-4D3E-A443-3B8F767D05F7}) (Version: 18.12.0.307 - Avid Technology, Inc.)
    Blue Cat's Chorus VST-x64 (v4.3) (HKLM\...\{09E5B6D8-D3F4-4174-8610-18BF88851BA2}) (Version: 4.3 - Blue Cat Audio)
    Blue Cat's Flanger VST-x64 (v3.3) (HKLM\...\{2906CD8C-36EC-4EC0-A98F-4D0F40362979}) (Version: 3.3 - Blue Cat Audio)
    Blue Cat's Free Amp VST-x64 (v1.11) (HKLM\...\{7F367ECC-E625-412A-9FED-618B99E2006C}) (Version: 1.11 - Blue Cat Audio)
    Blue Cat's Freeware Pack VST-x64 (v2.4) (HKLM\...\{2D533028-90B8-4989-BE0E-136D8C3F6439}) (Version: 2.4 - Blue Cat Audio)
    Blue Cat's FreqAnalyst VST-x64 (v2.3) (HKLM\...\{CB8467BF-72D6-466E-B907-1C725D008DAF}) (Version: 2.3 - Blue Cat Audio)
    Blue Cat's Gain Suite VST-x64 (v3.3) (HKLM\...\{69B583CE-463B-4B61-AEF6-C0166045A9EA}) (Version: 3.3 - Blue Cat Audio)
    Blue Cat's Phaser VST-x64 (v3.3) (HKLM\...\{F8498DB3-480D-4047-B479-C9C4038AF63C}) (Version: 3.3 - Blue Cat Audio)
    Blue Cat's Triple EQ VST-x64 (v4.3) (HKLM\...\{CAD1E444-00B9-4796-A0E6-CB50FB1E63A0}) (Version: 4.3 - Blue Cat Audio)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
    FB360 Spatial Workstation AAX version 3.3 (HKLM\...\FB360 Spatial Workstation AAX_is1) (Version: 3.3 - )
    First AIR Effects (HKLM\...\{FB2E34B9-90BF-44E1-BC1D-9AE1AC81BB65}) (Version: 18.8.1.1448 - AIR Music Technology)
    FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Grammarly (HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\GrammarlyForWindows) (Version: 1.5.48 - Grammarly)
    Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6286 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Microsoft OneDrive (HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Mozilla Firefox 65.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 65.0.2 (x86 en-US)) (Version: 65.0.2 - Mozilla)
    Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
    Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation)
    Opera Stable 62.0.3331.68 (HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\Opera 62.0.3331.68) (Version: 62.0.3331.68 - Opera Software)
    PACE License Support Win64 (HKLM\...\{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Hidden
    PACE License Support Win64 (HKLM-x32\...\InstallShield_{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.)
    ProtonVPN (HKLM-x32\...\{8725D84B-70EA-468D-A8F3-D175DA616B52}) (Version: 1.10.1 - ProtonVPN AG) Hidden
    ProtonVPN (HKLM-x32\...\ProtonVPN 1.10.1) (Version: 1.10.1 - ProtonVPN AG)
    ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10454 - Qualcomm)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.448 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
    Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 5.0.0.1066 - Trend Micro Inc.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    VirtualDJ 2018 (HKLM-x32\...\{276C552D-2617-4EC0-8893-D3A0A0D11463}) (Version: 8.3.4787.0 - Atomix Productions)
    Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
    Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
    Wise Anti Malware 2.1.8 (HKLM\...\Wise Anti Malware_is1) (Version: 2.1.8 - WiseCleaner.com, Inc.)
    Packages:
    =========
    AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2019-03-02] (AccuWeather) [MS Ad]
    Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3010.0_x64__48frkmn4z8aw4 [2019-04-28] (Acer Incorporated)
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2019-03-02] (Amazon.com)
    Booking.com Partner App -> C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerApp_1.1.2.1000_x64__6wqyppa9wfhnr [2019-03-02] (Booking.com B.V.)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.20.8.0_x86__kgqvnymyfvs32 [2019-09-11] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1590.2.0_x86__kgqvnymyfvs32 [2019-09-05] (king.com)
    eBay -> C:\Program Files\WindowsApps\eBay_1.0.1606.2210_x64__96rgg7pjt343r [2018-10-12] (CN=Acer Incorporated)
    Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.20.8626.0_x86__q4d96b2w5wcc2 [2019-08-13] (Evernote)
    Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-03-17] (Fitbit)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-26] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.562.0_x64__mcm4njqhnhss8 [2019-09-17] (Netflix, Inc.)
    Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-03-17] (Thumbmunkeys Ltd) [MS Ad]
    Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-17] (Plex)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxDTCM.dll [2018-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-08-16] (AVAST Software s.r.o. -> AVAST Software)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============
    2019-09-19 17:49 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
    2019-03-12 08:16 - 2019-03-12 08:16 - 000017408 _____ () [File not signed] C:\Program Files\Avid\Avid Link\FTF_JNI.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 008419840 _____ () [File not signed] c:\program files\avid\avid link\jre\bin\server\jvm.dll
    2018-10-10 21:46 - 2018-10-10 21:46 - 000014848 _____ () [File not signed] C:\Program Files\Avid\Avid Link\libEGL.DLL
    2018-10-10 21:46 - 2018-10-10 21:46 - 002521600 _____ () [File not signed] C:\Program Files\Avid\Avid Link\libGLESv2.dll
    2017-11-09 16:30 - 2017-11-09 16:30 - 004942848 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AssetDeliveryCog.acf
    2017-11-09 16:27 - 2017-11-09 16:27 - 002111488 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AssetDeliveryInterfaceCog.acf
    2017-11-09 16:21 - 2017-11-09 16:21 - 004502528 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AvidAssetCog.acf
    2017-11-09 16:23 - 2017-11-09 16:23 - 002041856 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AvidAssetInterfaceCog.acf
    2017-11-09 16:28 - 2017-11-09 16:28 - 002012160 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\CompressionCog.acf
    2017-11-09 16:27 - 2017-11-09 16:27 - 001701376 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\FileMgrCog.acf
    2017-11-09 16:19 - 2017-11-09 16:19 - 004383744 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\NetworkInterfaceCog.acf
    2017-11-09 16:24 - 2017-11-09 16:24 - 002758144 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\ProjectSyncCog.acf
    2017-11-09 16:25 - 2017-11-09 16:25 - 002073088 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\ProjectSyncInterfaceCog.acf
    2017-04-03 22:16 - 2017-04-03 22:16 - 000098304 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\PXFPlugin.acf
    2017-11-09 16:22 - 2017-11-09 16:22 - 001780224 _____ () [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\TransportCog.acf
    2019-03-02 13:11 - 2017-01-26 12:35 - 001078272 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
    2019-03-02 13:11 - 2017-02-23 02:31 - 000079872 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
    2019-03-02 13:11 - 2017-02-23 02:31 - 001922560 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
    2019-03-02 13:11 - 2017-02-23 01:31 - 004834816 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\node.dll
    2019-03-18 16:04 - 2017-09-07 11:42 - 000902656 _____ () [File not signed] C:\Program Files\Wise\Wise Anti Malware\sqlite3.dll
    2019-09-21 14:32 - 2019-09-21 14:32 - 000030208 ____N () [File not signed] C:\Users\thera\AppData\Local\Temp\JARLIB-5510306190859329753AMCommonAnalytics.dll
    2017-04-03 22:13 - 2017-04-03 22:13 - 000099840 _____ (Avid Technology, Inc.) [File not signed] C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\ACFString.avx
    2016-11-10 13:34 - 2016-11-10 13:34 - 000153088 _____ (N/A) [File not signed] c:\program files\avid\avid link\jre\bin\java.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000030720 _____ (N/A) [File not signed] C:\Program Files\Avid\Avid Link\jre\bin\management.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000088576 _____ (N/A) [File not signed] C:\Program Files\Avid\Avid Link\jre\bin\net.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000054272 _____ (N/A) [File not signed] C:\Program Files\Avid\Avid Link\jre\bin\nio.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000128512 _____ (N/A) [File not signed] C:\Program Files\Avid\Avid Link\jre\bin\sunec.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000043008 _____ (N/A) [File not signed] c:\program files\avid\avid link\jre\bin\verify.dll
    2016-11-10 13:34 - 2016-11-10 13:34 - 000071168 _____ (N/A) [File not signed] c:\program files\avid\avid link\jre\bin\zip.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
    2019-09-19 17:49 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
    2019-03-02 13:11 - 2017-02-23 02:31 - 068185600 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw.dll
    2019-03-02 13:11 - 2017-02-23 02:31 - 000421888 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw_elf.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
    2019-08-11 14:49 - 2018-09-05 22:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine VPN\libcrypto-1_1.dll
    2019-03-12 08:16 - 2019-03-12 08:16 - 001809920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Avid\Avid Link\LIBEAY32.dll
    2019-03-12 08:16 - 2019-03-12 08:16 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Avid\Avid Link\ssleay32.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
    2019-09-19 17:49 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\bearer\qgenericbearer.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qgif.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000041472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qicns.dll
    2018-10-10 21:49 - 2018-10-10 21:49 - 000032768 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qico.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qjpeg.dll
    2018-10-10 21:51 - 2018-10-10 21:51 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qsvg.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qtga.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000371712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qtiff.dll
    2018-10-10 21:50 - 2018-10-10 21:50 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qwbmp.dll
    2018-10-10 21:51 - 2018-10-10 21:51 - 000505856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\imageformats\qwebp.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 001337856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\platforms\qwindows.dll
    2019-03-12 08:26 - 2019-03-12 08:26 - 005652992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Core.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 006032384 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Gui.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 001225728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Network.dll
    2018-10-10 22:03 - 2018-10-10 22:03 - 000286720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Positioning.dll
    2018-10-10 21:49 - 2018-10-10 21:49 - 000319488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5PrintSupport.dll
    2018-10-10 21:53 - 2018-10-10 21:53 - 003432960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Qml.dll
    2018-10-10 21:54 - 2018-10-10 21:54 - 003465728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Quick.dll
    2018-10-10 21:54 - 2018-10-10 21:54 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5QuickWidgets.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Svg.dll
    2018-10-10 22:00 - 2018-10-10 22:00 - 000111616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5WebChannel.dll
    2018-10-10 23:47 - 2018-10-10 23:47 - 000352256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5WebEngine.dll
    2018-10-10 23:43 - 2018-10-10 23:43 - 074279424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5WebEngineCore.dll
    2018-10-10 23:47 - 2018-10-10 23:47 - 000226304 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5WebEngineWidgets.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 000148992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5WebSockets.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 005564928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Widgets.dll
    2019-03-12 08:24 - 2019-03-12 08:24 - 000193024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Avid\Avid Link\Qt5Xml.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData:38EF7CBEEA128F01 [217]
    AlternateDataStreams: C:\Users\All Users:38EF7CBEEA128F01 [217]
    AlternateDataStreams: C:\ProgramData\Application Data:38EF7CBEEA128F01 [217]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Blue Cat Audio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\iZotope:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Pro Tools:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\ScanGuard:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\TotalAV:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\thera\OneDrive\Documents\VirtualDJ:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75852566.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75852566.sys => ""="Driver"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
    IE trusted site: HKU\S-1-5-21-1209155800-3557976415-291662890-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2019-09-21 14:32 - 2019-09-21 16:34 - 000000908 _____ C:\WINDOWS\system32\drivers\etc\hosts
    212.103.49.66 us-west-027.whiskergalaxy.com #added by Windscribe, do not modify.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-1209155800-3557976415-291662890-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thera\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Sri Yantra Blue.png
    DNS Servers: 10.255.255.2 - 172.16.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.

    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{546D573A-151E-4644-8034-D000F43C7EE2}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FirewallRules: [{589F7AB9-35EC-444F-B522-6AE85698B391}] => (Allow) C:\Program Files\Avid\Cloud Client Services\Hub.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FirewallRules: [{96A24D0D-1C0D-4D40-A7A0-7ACD3EFD8A42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{39FF31C8-0780-4AAF-BF24-3BBE20C0BAB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{00722CCD-5309-4B27-9059-6519DA001385}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{DD62696B-D40F-45B2-9D01-CC3668B69D5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4E2B9E6E-D8A8-47E2-BD73-F76F16632D31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{1AA4A0B9-1D1A-4C46-ADDF-D923BBEB29B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{FE1197F2-3CE1-412A-B08B-2D8E304EA533}] => (Allow) C:\Program Files\Avid\Pro Tools\ProTools.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FirewallRules: [{93B7682B-C384-4449-AA80-0A91F1A2B334}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe
    FirewallRules: [{19476EBC-311C-4E55-8292-037E256A4861}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FirewallRules: [{BF624EC5-340A-4A29-A203-331E550692AD}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
    FirewallRules: [{17733B4F-BB62-4FFD-A10C-D742BC1A64DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{19AD0ED3-E833-42BD-97D8-36E62173D058}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{2A751180-B98E-4C23-A02A-A8FBED83DD90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20300.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{E4E9F7D2-D9BA-4442-90CF-5683E493FB1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    ==================== Restore Points =========================
    30-08-2019 13:42:15 Windows Update
    05-09-2019 16:48:58 Windows Update
    09-09-2019 19:00:17 Windows Modules Installer
    17-09-2019 21:30:08 Installed ProtonVPN
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (09/21/2019 04:42:47 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .

    Operation:
    Executing Asynchronous Operation
    Context:
    Current State: DoSnapshotSet
    Error: (09/21/2019 04:41:05 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:
    Gathering Writer Data
    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {9827e605-018d-4b53-ab07-4d12a5752bef}
    Error: (09/21/2019 04:34:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAPTOP-ETIDKGD4)
    Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
    Error: (09/21/2019 04:34:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAPTOP-ETIDKGD4)
    Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
    Error: (09/21/2019 04:32:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Windscribe.exe, version: 1.83.1.20, time stamp: 0x5c425346
    Faulting module name: Windscribe.exe, version: 1.83.1.20, time stamp: 0x5c425346
    Exception code: 0xc0000005
    Fault offset: 0x000cd38f
    Faulting process id: 0x389c
    Faulting application start time: 0x01d570c3de641dc1
    Faulting application path: C:\Program Files (x86)\Windscribe\Windscribe.exe
    Faulting module path: C:\Program Files (x86)\Windscribe\Windscribe.exe
    Report Id: 654e3ba5-882f-4872-b480-9a1c66ecada6
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (09/21/2019 02:32:01 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={AD5C353F-48FB-49F2-ADF1-4D2269A2D5F2}: The user SYSTEM dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 633.
    Error: (09/21/2019 02:31:42 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={F98700DE-FEB4-4DED-9839-32291E75C9C5}: The user SYSTEM dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.
    Error: (09/21/2019 02:31:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: LAPTOP-ETIDKGD4)
    Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

    System errors:
    =============
    Error: (09/21/2019 04:41:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Push Notifications User Service_227aaa3 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    Error: (09/21/2019 04:37:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (09/21/2019 04:36:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Push Notifications User Service_227aaa3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    Error: (09/21/2019 04:33:09 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ETIDKGD4)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user LAPTOP-ETIDKGD4\thera SID (S-1-5-21-1209155800-3557976415-291662890-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
    Error: (09/21/2019 04:27:10 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-ETIDKGD4)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
    Error: (09/21/2019 04:27:02 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-ETIDKGD4)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
    Error: (09/21/2019 04:26:57 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-ETIDKGD4)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
    Error: (09/21/2019 04:26:54 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-ETIDKGD4)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.

    Windows Defender:
    ===================================
    Date: 2019-09-11 19:25:13.101
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.299.1774.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16200.1
    Error code: 0x80240022
    Error description: The program can't check for definition updates.
    Date: 2019-09-11 19:25:13.101
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.299.1774.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16200.1
    Error code: 0x80240022
    Error description: The program can't check for definition updates.
    CodeIntegrity:
    ===================================
    Date: 2019-08-11 13:49:27.010
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\TmMon\2.7.0.1050\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-11 13:49:26.995
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\AddOn\8.10.0.1068\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-11 13:47:14.766
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\TmMon\2.7.0.1050\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-11 13:47:13.255
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\AddOn\8.10.0.1068\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-09 14:23:21.292
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\TmMon\2.7.0.1050\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-09 14:23:21.278
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\AddOn\8.10.0.1068\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-09 14:21:45.983
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\TmMon\2.7.0.1050\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-08-09 14:21:45.739
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\AddOn\8.10.0.1068\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: Insyde Corp. V1.47 09/06/2018
    Motherboard: KBL Ironman_SK
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 91%
    Total physical RAM: 6021.22 MB
    Available physical RAM: 488.27 MB
    Total Virtual: 11397.22 MB
    Available Virtual: 3473.33 MB
    ==================== Drives ================================
    Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:807.91 GB) NTFS
    Drive e: (Acer) (RAMDisk) (Total:930.4 GB) (Free:806.1 GB) NTFS
    \\?\Volume{1870c9f1-a353-4233-baa1-798d6fb06952}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
    \\?\Volume{43f8e93d-4b85-4b70-9317-c0ced2e455d2}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 2992762F)
    Partition: GPT.
    ==================== End of Addition.txt ============================

    [/QUOTE]
     
  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    678
    Hi HelpMe510,

    Did you set the following proxy server in Firefox?

    So far, I see no evidence of a malware infection - only a potentially unwanted program (PUP) installed.

    ---------------------------------------------------
    Uninstall a Program

    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    • Select the above program(s) and click Uninstall.
    • Restart the computer if prompted.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      Task: {E23F18ED-13B3-4FE2-B7F6-92400C8AB725} - System32\Tasks\App Explorer => C:\Users\thera\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7417512 2019-08-27] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
      SearchScopes: HKU\S-1-5-21-1209155800-3557976415-291662890-1001 -> DefaultScope {6CB17CAE-7523-44C8-A721-3FAD0F43CC06} URL =
      SearchScopes: HKU\S-1-5-21-1209155800-3557976415-291662890-1001 -> {6CB17CAE-7523-44C8-A721-3FAD0F43CC06} URL =
      2019-09-21 16:48 - 2019-04-22 21:33 - 000002468 _____ C:\WINDOWS\System32\Tasks\App Explorer
      2019-09-21 14:33 - 2019-03-02 10:08 - 000000000 ____D C:\Users\thera\AppData\Local\Host App Service
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      AlternateDataStreams: C:\ProgramData:38EF7CBEEA128F01 [217]
      AlternateDataStreams: C:\Users\All Users:38EF7CBEEA128F01 [217]
      AlternateDataStreams: C:\ProgramData\Application Data:38EF7CBEEA128F01 [217]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Blue Cat Audio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Image-Line:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\iZotope:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\Pro Tools:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\ScanGuard:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\TotalAV:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      AlternateDataStreams: C:\Users\thera\OneDrive\Documents\VirtualDJ:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
      CMD: type "C:\TDSSKiller.3.1.0.28_17.09.2019_22.18.30_log.txt"
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now ...
      • When the scan has finished a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab ...
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • AdwCleaner[S0*].txt
     
  9. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    Ok will do, no I did not do anything to the Firefox proxy so that's strange. I still have some concern though. Before I contacted you I tried to download BitDefender and it was blocked; I didn't block it. The error message said: "This download has been blocked by the administrator, please contact them." I am the only administrator on this computer. What does that mean?
     
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    678
    Hi HelpMe510,

    Thanks for the information. Please continue with the instructions to uninstall App Explorer, then run Farbar Recovery Scan Tool/AdwCleaner and post the results.
     
  11. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    The text info was too long for this message. So I attached the text file to this message.
     


  12. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.1.0
    # -------------------------------
    # Build: 09-04-2019
    # Database: 2019-09-18.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 09-22-2019
    # Duration: 00:00:30
    # OS: Windows 10 Home
    # Scanned: 35634
    # Detected: 41

    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare C:\Users\thera\AppData\LocalLow\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare C:\Users\thera\AppData\Roaming\IObit\Advanced SystemCare
    PUP.Optional.AmazonAssistant C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected]
    PUP.Optional.DriveTheLife C:\Program Files (x86)\OSTotoSoft\DriverTalent
    PUP.Optional.DriverTalent C:\OSTotoFolder
    PUP.Optional.DriverTalent C:\Program Files (x86)\OSTotoSoft
    PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
    ***** [ Files ] *****
    Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    No malicious tasks found.
    ***** [ Registry ] *****
    PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
    PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
    PUP.Optional.PCProtect HKCU\Software\SSProtect
    PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs found.
    ***** [ Firefox (and derivatives) ] *****
    PUP.Optional.Assistant Amazon Assistant for Firefox
    PUP.Optional.Assistant Amazon Assistant for Firefox
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.
    ***** [ Preinstalled Software ] *****
    Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
    Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F350A820-60B3-4E3C-87BE-DB4435EF992D}
    Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A852EB45-8F7D-4275-B565-291233A28770}
    Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F350A820-60B3-4E3C-87BE-DB4435EF992D}
    Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
    Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
    Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}
    Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
    Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
    Preinstalled.AcerConfigurationManager Folder C:\Program Files (x86)\ACER\AMUNDSEN\2.1.16258
    Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66267A0C-9DE4-43DC-9128-71BEB73099A5}
    Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258
    Preinstalled.AcerConfigurationManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}
    Preinstalled.AcerConfigurationManager Task C:\Windows\System32\Tasks\ACERCMUPDATETASK2.1.16258
    Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
    Preinstalled.AcerJumpstart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}
    Preinstalled.AcerPowerManagement File C:\Users\thera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Power Button.lnk
    Preinstalled.AcerQuickAccess Folder C:\Program Files\ACER\ACER QUICK ACCESS
    Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DCEDA9C-3C50-463E-94F8-D1F35F60EDE3}
    Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198E90BE-1371-4E7A-82CA-655822FC73AC}
    Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
    Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
    Preinstalled.AcerQuickAccess Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}
    Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\POWER BUTTON
    Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS

    AdwCleaner_Debug.log - [13263 octets] - [22/09/2019 14:22:02]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
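Added example (not part of the original thread and not AdwCleaner's own code): a Python parser for a scan report in the format posted above. It checks the number of parsed items against the report's own `# Detected:` header to confirm the paste is complete, and separates the report's `Preinstalled.*` entries from the PUP and adware families. The sample is an abridged excerpt of the report with the `Detected` value adjusted to match; the function names are hypothetical.

```python
import re
from collections import Counter
from typing import NamedTuple

# "***** [ Folders ] *****" opens a section of the report.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "# Detected: 41" style header lines; decorative "# ----" lines do not match.
HEADER_RE = re.compile(r"^# ([A-Za-z]+):\s*(.+)$")
# A detection is "<Family.Name> <target>", e.g. "Adware.pokki C:\...".
# "No malicious ... found." and the trailer lines do not match this pattern.
DETECTION_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9]+)+)\s+(.+)$")

# Constructed sample: abridged from the report in this thread, with the
# "Detected" header changed from 41 to 7 to match the lines kept here.
SAMPLE_REPORT = r"""
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Mode: Scan
# Scanned: 35634
# Detected: 7

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
***** [ Files ] *****
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ Registry ] *****
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
***** [ Preinstalled Software ] *****
Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS

AdwCleaner_Debug.log - [13263 octets] - [22/09/2019 14:22:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""


class Detection(NamedTuple):
    section: str   # report section the line appeared under
    family: str    # detection name, e.g. "PUP.Optional.TotalAV"
    target: str    # path, registry key or extension name


def parse_report(text):
    """Return (headers, detections) for one AdwCleaner scan report."""
    headers, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            match = HEADER_RE.match(line)
            if match:
                headers[match.group(1)] = match.group(2).strip()
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1)
            continue
        match = DETECTION_RE.match(line)
        if section and match:
            detections.append(Detection(section, match.group(1), match.group(2)))
    return headers, detections


def summarize(headers, detections):
    """Compare the declared item count with what was parsed and group by class."""
    declared_raw = headers.get("Detected", "")
    declared = int(declared_raw) if declared_raw.isdigit() else None
    by_class = Counter(d.family.split(".", 1)[0] for d in detections)
    non_oem = {d.family for d in detections
               if not d.family.startswith("Preinstalled.")}
    return {
        "declared": declared,
        "parsed": len(detections),
        # False means the pasted report is truncated or was edited.
        "complete": declared == len(detections),
        "by_class": dict(by_class),
        "non_oem_families": sorted(non_oem),
    }


if __name__ == "__main__":
    summary = summarize(*parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full report in this thread, the same check accounts for all 41 declared items: 25 of them are `Preinstalled.*` entries and the remaining 16 are PUP or adware families.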
     
  13. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    2019-09-22 21:22:02 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
    2019-09-22 21:22:04 : <INFO> [Telemetry] Sending hello
    ication updates
    2019-09-22 21:22:08 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
    2019-09-22 21:22:08 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
    2019-09-22 21:22:08 : <INFO> [SslCert] Locality Name ("Santa Clara")
    2019-09-22 21:22:08 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
    2019-09-22 21:22:08 : <INFO> [SslCert] Certificate EffectiveDate: "Mon Oct 2 00:00:00 2017 GMT"
    2019-09-22 21:22:08 : <INFO> [SslCert] Certificate ExpirationDate: "Tue Oct 6 12:00:00 2020 GMT"
    2019-09-22 21:22:08 : <INFO> [SslCert] ALPN: None
    2019-09-22 21:22:08 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
    2019-09-22 21:22:08 : <INFO> [SslCert] KXE: "ECDH"
    2019-09-22 21:22:08 : <INFO> [SslCert] Protocol: "TLSv1.2"
    2019-09-22 21:22:08 : <INFO> [Telemetry] Status code: QVariant(int, 200)
    2019-09-22 21:22:13 : <INFO> [Button clicked] EULA agreed
    2019-09-22 21:53:38 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
    2019-09-22 21:53:38 : <INFO> [AdwUpgrade] Checking application updates
    2019-09-22 21:53:38 : <INFO> [Telemetry] Sending hello
    2019-09-22 21:53:38 : <WARNING> Type conversion already registered from type QPair<QByteArray,QByteArray> to type QtMetaTypePrivate::QPairVariantInterfaceImpl
    2019-09-22 21:53:40 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
    2019-09-22 21:53:40 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
    2019-09-22 21:53:40 : <INFO> [SslCert] Locality Name ("Santa Clara")
    2019-09-22 21:53:40 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
    2019-09-22 21:53:40 : <INFO> [SslCert] Certificate EffectiveDate: "Mon Oct 2 00:00:00 2017 GMT"
    2019-09-22 21:53:40 : <INFO> [SslCert] Certificate ExpirationDate: "Tue Oct 6 12:00:00 2020 GMT"
    2019-09-22 21:53:40 : <INFO> [SslCert] ALPN: None
    2019-09-22 21:53:40 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
    2019-09-22 21:53:40 : <INFO> [SslCert] KXE: "ECDH"
    2019-09-22 21:53:40 : <INFO> [SslCert] Protocol: "TLSv1.2"
    2019-09-22 21:53:40 : <INFO> [Telemetry] Status code: QVariant(int, 200)
    2019-09-22 21:53:41 : <INFO> [Button clicked] Scan
    2019-09-22 21:53:41 : <INFO> [Scan] Started
    2019-09-22 21:53:41 : <INFO> [Database] Downloading database
    2019-09-22 21:53:49 : <INFO> [Database] Checking integrity
    2019-09-22 21:53:49 : <INFO> [Database] Found 2600 families
    2019-09-22 21:53:49 : <INFO> [Database] Database v "2019-09-18.1"
    2019-09-22 21:53:49 : <INFO> [Loading paths] Local paths loaded
    2019-09-22 21:53:49 : <INFO> [Loading paths] Chrome paths loaded
    2019-09-22 21:53:49 : <INFO> [Loading paths] User Keys loaded
    2019-09-22 21:53:49 : <INFO> [Module initialized] "File"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "Folder"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "RegistryKey"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "RegistryValue"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "TaskName"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "Service"
    2019-09-22 21:53:49 : <INFO> [Module initialized] "Winlogon"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "URL"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegAppInit"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegClasses"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "DNS"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegFirewallPolicy"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegGuid"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegIEElevationPolicy"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegOther"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegProductID"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegSoftware"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "RegStartup"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "WMI"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "ChromiumExt"
    2019-09-22 21:53:52 : <INFO> [Module initialized] "FirefoxExt"
    2019-09-22 21:53:52 : <INFO> [Module initialize] Scan Browser
    2019-09-22 21:53:53 : <INFO> [Module initialize] Scan Browser FF
    2019-09-22 21:53:53 : <INFO> [Module initialize] FF start pages loaded
    2019-09-22 21:53:53 : <INFO> [Module initialize] FF search providers loaded
    2019-09-22 21:53:53 : <INFO> [Module initialize] FF plugin list loaded
    2019-09-22 21:53:53 : <INFO> [Scan] Exclusions loaded
    2019-09-22 21:54:01 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Users\\thera\\AppData\\Roaming\\IObit\\Advanced SystemCare" [ "Folder" ]
    2019-09-22 21:54:01 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\Users\\thera\\AppData\\LocalLow\\IObit\\Advanced SystemCare" [ "Folder" ]
    2019-09-22 21:54:01 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "C:\\ProgramData\\IObit\\Advanced SystemCare" [ "Folder" ]
    2019-09-22 21:54:01 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Wow6432Node\\\\Google\\Chrome\\NativeMessagingHosts\\com.ascplugin.protect" [ "Registry" ]
    2019-09-22 21:54:01 : <INFO> [Scan] Item detected: "PUP.Optional.AdvancedSystemCare" , "HKLM\\Software\\Wow6432Node\\IOBIT\\ASC" [ "Registry" ]
    2019-09-22 21:54:02 : <INFO> [Scan] Item detected: "PUP.Optional.PCProtect" , "C:\\ProgramData\\SecuritySuite" [ "Folder" ]
    2019-09-22 21:54:02 : <INFO> [Scan] Item detected: "PUP.Optional.PCProtect" , "HKCU\\Software\\SSProtect" [ "Registry" ]
    2019-09-22 21:54:02 : <INFO> [Scan] Item detected: "PUP.Optional.Assistant" , "Amazon Assistant for Firefox" [ "Firefox" ]
    2019-09-22 21:54:02 : <INFO> [Scan] Item detected: "PUP.Optional.Assistant" , "Amazon Assistant for Firefox" [ "Firefox" ]
    2019-09-22 21:54:03 : <INFO> [Scan] Item detected: "PUP.Optional.DriveTheLife" , "C:\\Program Files (x86)\\OSTotoSoft\\DriverTalent" [ "Folder" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "PUP.Optional.TotalAV" , "HKLM\\SOFTWARE\\Google\\Chrome\\NativeMessagingHosts\\com.totalav.passwordvaultassistant" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "PUP.Optional.TotalAV" , "HKLM\\SOFTWARE\\Mozilla\\NativeMessagingHosts\\com.totalav.passwordvaultassistant" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Adware.pokki" , "C:\\Windows\\System32\\Tasks_Migrated\\App Explorer" [ "File" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "PUP.Optional.AmazonAssistant" , "C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions\\[email protected]" [ "Folder" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "C:\\Program Files\\ACER\\ACER QUICK ACCESS" [ "Folder" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "C:\\Windows\\System32\\Tasks\\QUICK ACCESS" [ "Task" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Quick Access" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Quick Access" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{198E90BE-1371-4E7A-82CA-655822FC73AC}\u0000" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "C:\\Windows\\System32\\Tasks\\POWER BUTTON" [ "Task" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Power Button" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Power Button" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{0DCEDA9C-3C50-463E-94F8-D1F35F60EDE3}\u0000" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerQuickAccess" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "C:\\Program Files (x86)\\ACER\\CARE CENTER" [ "Folder" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "C:\\Windows\\System32\\Tasks\\ACCAGENT" [ "Task" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ACCAgent" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ACCAgent" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F350A820-60B3-4E3C-87BE-DB4435EF992D}\u0000" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Plain\\{F350A820-60B3-4E3C-87BE-DB4435EF992D}\u0000" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "C:\\Windows\\System32\\Tasks\\ACCBACKGROUNDAPPLICATION" [ "Task" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ACCBackgroundApplication" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ACCBackgroundApplication" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A852EB45-8F7D-4275-B565-291233A28770}\u0000" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerCareCenter" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1AF41E84-3408-499A-8C93-8891F0612719}" [ "Registry" ]
    2019-09-22 21:54:04 : <INFO> [Scan] Item detected: "Preinstalled.AcerPowerManagement" , "C:\\Users\\thera\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Acer Power Button.lnk" [ "File" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "PUP.Optional.DriverTalent" , "C:\\OSTotoFolder" [ "Folder" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "PUP.Optional.DriverTalent" , "C:\\Program Files (x86)\\OSTotoSoft" [ "Folder" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerJumpstart" , "C:\\Program Files (x86)\\ACER\\ACER JUMPSTART" [ "Folder" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerJumpstart" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}" [ "Registry" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerConfigurationManager" , "C:\\Program Files (x86)\\ACER\\AMUNDSEN\\2.1.16258" [ "Folder" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerConfigurationManager" , "C:\\Windows\\System32\\Tasks\\ACERCMUPDATETASK2.1.16258" [ "Task" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\AcerCMUpdateTask2.1.16258" [ "Registry" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerConfigurationManager" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\AcerCMUpdateTask2.1.16258" [ "Registry" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerConfigurationManager" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{66267A0C-9DE4-43DC-9128-71BEB73099A5}\u0000" [ "Registry" ]
    2019-09-22 21:54:09 : <INFO> [Scan] Item detected: "Preinstalled.AcerConfigurationManager" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{414D554E-4453-454E-0201-000000016258}" [ "Registry" ]
    2019-09-22 21:54:11 : <INFO> [Telemetry] Sending to Influx
    2019-09-22 21:54:12 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
    2019-09-22 21:54:12 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
    2019-09-22 21:54:12 : <INFO> [SslCert] Locality Name ()
    2019-09-22 21:54:12 : <INFO> [SslCert] Organization ()
    2019-09-22 21:54:12 : <INFO> [SslCert] Certificate EffectiveDate: "Sun Aug 18 10:50:38 2019 GMT"
    2019-09-22 21:54:12 : <INFO> [SslCert] Certificate ExpirationDate: "Sat Nov 16 10:50:38 2019 GMT"
    2019-09-22 21:54:12 : <INFO> [SslCert] ALPN: Yes
    2019-09-22 21:54:12 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
    2019-09-22 21:54:12 : <INFO> [SslCert] KXE: "ECDH"
    2019-09-22 21:54:12 : <INFO> [SslCert] Protocol: "TLSv1.2"
    2019-09-22 21:54:12 : <INFO> [Telemetry] Status code: QVariant(int, 204)
    2019-09-22 21:54:12 : <INFO> [Telemetry] Sending to DSE
    2019-09-22 21:54:13 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
    2019-09-22 21:54:13 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
    2019-09-22 21:54:13 : <INFO> [SslCert] Locality Name ("San Jose")
    2019-09-22 21:54:13 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
    2019-09-22 21:54:13 : <INFO> [SslCert] Certificate EffectiveDate: "Thu Feb 22 00:00:00 2018 GMT"
    2019-09-22 21:54:13 : <INFO> [SslCert] Certificate ExpirationDate: "Wed Apr 22 12:00:00 2020 GMT"
    2019-09-22 21:54:13 : <INFO> [SslCert] ALPN: Yes
    2019-09-22 21:54:13 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
    2019-09-22 21:54:13 : <INFO> [SslCert] KXE: "ECDH"
    2019-09-22 21:54:13 : <INFO> [SslCert] Protocol: "TLSv1.2"
    2019-09-22 21:54:13 : <INFO> [Telemetry] Status code: QVariant(int, 201)
    2019-09-22 21:54:13 : <INFO> [Scan] Finished
    2019-09-22 21:54:51 : <INFO> [Button clicked] Log files menu item
    2019-09-22 21:55:54 : <INFO> [Button clicked] Dashboard menu item
    2019-09-22 21:55:56 : <INFO> [Button clicked] Cancel
    2019-09-22 21:56:02 : <INFO> [Button clicked] Survey score: 10
    2019-09-22 21:56:02 : <INFO> [Telemetry] Sending NPS Survey
    2019-09-22 21:56:03 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
    2019-09-22 21:56:03 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
    2019-09-22 21:56:03 : <INFO> [SslCert] Locality Name ()
    2019-09-22 21:56:03 : <INFO> [SslCert] Organization ()
    2019-09-22 21:56:03 : <INFO> [SslCert] Certificate EffectiveDate: "Sun Aug 18 10:50:38 2019 GMT"
    2019-09-22 21:56:03 : <INFO> [SslCert] Certificate ExpirationDate: "Sat Nov 16 10:50:38 2019 GMT"
    2019-09-22 21:56:03 : <INFO> [SslCert] ALPN: Yes
    2019-09-22 21:56:03 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
    2019-09-22 21:56:03 : <INFO> [SslCert] KXE: "ECDH"
    2019-09-22 21:56:03 : <INFO> [SslCert] Protocol: "TLSv1.2"
    2019-09-22 21:56:03 : <INFO> [Telemetry] Status code: QVariant(int, 204)
    2019-09-22 21:56:06 : <INFO> [Button clicked] Log files menu item
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    678
    Hi HelpMe510,

    ---------------------------------------------------
    AdwCleaner - Clean

    • Double click AdwCleaner.exe to run it.
    • Click Scan Now
    • When the scan has finished a Scan Results window will open.
    • Please check the following boxes and then click Quarantine
      • Click Next
      • If any pre-installed software was found on your machine, a prompt window will open ...
        • Click OK to close it
      • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
      • Click Quarantine
    • A prompt to save your work will appear ...
      • Click Continue when you're ready to proceed.
    • A prompt to restart your computer will appear ...
      • Click Restart Now
    • Once your computer has restarted ...
      • If it doesn't open automatically, please start AdwCleaner ...
      • Click the Log Files tab ...
      • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number)
      • A Notepad file will open containing the results of the removal.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • AdwCleaner[C0*].txt
     
  15. HelpMe510

    HelpMe510 Thread Starter

    Joined:
    Jul 22, 2019
    Messages:
    30
    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.1.0
    # -------------------------------
    # Build: 09-04-2019
    # Database: 2019-09-23.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 09-24-2019
    # Duration: 00:00:09
    # OS: Windows 10 Home
    # Cleaned: 15
    # Failed: 1

    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    Deleted C:\OSTotoFolder
    Deleted C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected]
    Deleted C:\Program Files (x86)\OSTotoSoft
    Deleted C:\Program Files (x86)\OSTotoSoft\DriverTalent
    Deleted C:\ProgramData\IObit\Advanced SystemCare
    Deleted C:\ProgramData\SecuritySuite
    Deleted C:\Users\thera\AppData\LocalLow\IObit\Advanced SystemCare
    Deleted C:\Users\thera\AppData\Roaming\IObit\Advanced SystemCare
    ***** [ Files ] *****
    Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    Deleted HKCU\Software\SSProtect
    Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
    Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs cleaned.
    ***** [ Firefox (and derivatives) ] *****
    Deleted Amazon Assistant for Firefox
    Not Deleted Amazon Assistant for Firefox
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    ***** [ Preinstalled Software ] *****
    No Preinstalled Software cleaned.

    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner_Debug.log - [49969 octets] - [22/09/2019 14:22:02]
    AdwCleaner[S00].txt - [5691 octets] - [22/09/2019 14:54:11]
    AdwCleaner[S01].txt - [5752 octets] - [24/09/2019 13:35:21]
    AdwCleaner[S02].txt - [5813 octets] - [24/09/2019 13:36:56]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
     

Short URL to this thread: https://techguy.org/1233116
