
Solved Virus or something cannot get to any sort of web browser

Discussion in 'Virus & Other Malware Removal' started by KVP, Jul 19, 2018.

Thread Status:
Not open for further replies.
  1. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    I cannot even get to a web browser to download the TSG Sysinfo utility. I’m not sure what my son has done to his computer.
     
  2. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Finally was able to get to a browser.



    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: AMD FX(tm)-6300 Six-Core Processor, AMD64 Family 21 Model 2 Stepping 0
    Processor Count: 6
    RAM: 8150 Mb
    Graphics Card: AMD Radeon(TM) RX 560 Series, -2048 Mb
    Hard Drives: C: 930 GB (467 GB Free);
    Motherboard: Gigabyte Technology Co., Ltd., 970A-DS3P
    Antivirus: Windows Defender, Enabled and Updated
     
  3. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Not sure what is wrong with his computer. He plays a lot of games on this thing so not sure what all he has downloaded. It took me over 30 minutes to get to a web browser. His computer is super slow.
     
  4. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    I have run the Superantispyware and the Malwarebytes and have quarantined some stuff. But, even after a week of not having his computer on, it still is running super slow and it took forever to even get those spyware and malware to open. Not sure if there is something going on or not or if he has a virus I don't know about.
     
  5. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    My son’s computer is still running super slow to start.
     
  6. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hello KVP, and welcome to Tech Support Guy

    My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.

    Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem.

    If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.

    Before we begin, please familiarize yourself with the following:
    • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
    • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
    • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
    • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
    Finally:
    • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
    • You must reply to this post within four days; if you do not, then the topic will be closed.
    • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.

    If I have not responded to your post within 24 hours, then send me a private message (PM).
    Otherwise, all communication is done in the forums.


    Let's get to work! :)

    ____________________________________________________________________________________________________

    The fixes presented are specific to your problem and should only be used for the issue on this machine!
    ____________________________________________________________________________________________________

    You're correct to identify that PC Accelerate Pro is not a good program. These types of programs make it purposefully difficult to uninstall and often come with other unwanted programs. That being said, continue with the steps below, so that I can see a more detailed view and whether there are any other unwanted programs that should be removed.

    Step 1 of 1: FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.
     
  7. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Thanks Joeicam
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
    Ran by Reese (13-08-2018 11:19:43)
    Running from C:\Users\Reese\Downloads
    Windows 10 Home Version 1803 17134.191 (X64) (2018-06-24 01:11:56)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3261630820-3560529749-1377153256-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3261630820-3560529749-1377153256-503 - Limited - Disabled)
    Guest (S-1-5-21-3261630820-3560529749-1377153256-501 - Limited - Disabled)
    Reese (S-1-5-21-3261630820-3560529749-1377153256-1003 - Administrator - Enabled) => C:\Users\Reese
    WDAGUtilityAccount (S-1-5-21-3261630820-3560529749-1377153256-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.3.4 - Advanced Micro Devices, Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
    Discord (HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Discord) (Version: 0.0.301 - Discord Inc.)
    Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 6.0.3.0 - Hi-Rez Studios)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    LeapdroidVM (HKLM-x32\...\LeapdroidVM) (Version: - LeapdroidVM)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\OneDriveSetup.exe) (Version: 18.131.0701.0004 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
    Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.0 - OBS Project)
    osu! (HKLM-x32\...\{c7fd7c09-e547-410d-934a-9372660ec329}) (Version: latest - ppy Pty Ltd)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
    Roblox Player for Reese (HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
    Spotify (HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Spotify) (Version: 1.0.87.491.ge2a121fc - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
    Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
    Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.21.18 - Webroot)
    Wizard101 (HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
    Wondershare Filmora(Build 8.5.3) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
    Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-12] (Webroot)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-03-22] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-12] (Webroot)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3020534F-85BB-4897-B240-131A04A16E36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {67BF7ABD-CF10-4659-B7EB-022AA6F05A88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-21] (Google Inc.)
    Task: {69D56F52-4FC1-41C0-9C82-EC4D74832B86} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-03-22] (Advanced Micro Devices, Inc.)
    Task: {7B9A2995-B7CD-44DE-B11B-6BA1B2F4804A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-21] (Google Inc.)
    Task: {80975222-8235-457B-9857-3455766A0F45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
    Task: {8BB394FE-49B5-49C3-9EB5-314913784221} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
    Task: {A1459968-8E32-4C9B-9715-CE6819B5ABC7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
    Task: {C09B4052-1664-4CE2-8754-B009A45FD457} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
    Task: {CA2DF840-5359-477D-B829-C1394A461F44} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {D40DB39F-D072-4285-8000-7C78796A1DD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
    Task: {EF01A156-4186-467D-B390-9862F49D4393} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-03-22] (Advanced Micro Devices, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-07-20 15:38 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-12-15 23:17 - 2017-12-15 23:17 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
    2017-12-15 23:17 - 2017-12-15 23:17 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2018-04-21 19:10 - 2018-04-21 19:10 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
    2018-04-21 19:10 - 2018-04-21 19:10 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
    2018-04-21 19:10 - 2018-04-21 19:10 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-07-10 19:20 - 2018-07-06 01:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-07-09 13:49 - 2018-07-09 13:49 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-05-02 16:29 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Reese\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
    2018-05-02 16:29 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Reese\AppData\Local\Discord\app-0.0.301\libglesv2.dll
    2018-05-02 16:29 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Reese\AppData\Local\Discord\app-0.0.301\libegl.dll
    2018-05-02 16:30 - 2018-08-12 20:01 - 011303256 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
    2018-05-02 16:30 - 2018-07-20 09:20 - 001635160 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 000512856 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
    2018-05-02 16:30 - 2018-08-12 20:01 - 001641304 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
    2018-05-02 16:30 - 2018-08-12 20:01 - 001739608 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 002722648 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 001910104 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 000422744 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 000145240 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
    2018-05-02 16:30 - 2018-08-12 20:01 - 001657176 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_hook\discord_hook.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 001249112 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
    2018-05-02 16:30 - 2018-05-02 16:30 - 002760536 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
    2018-08-12 23:44 - 2018-08-12 23:44 - 001247576 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
    2018-08-12 23:44 - 2018-08-12 23:44 - 019981656 _____ () \\?\C:\Users\Reese\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
    2018-04-21 22:33 - 2018-08-08 17:43 - 002644768 _____ () C:\Program Files (x86)\Steam\video.dll
    2018-04-21 22:33 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2018-04-21 22:33 - 2017-12-19 20:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
    2018-04-21 22:33 - 2017-12-19 20:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
    2018-04-21 22:33 - 2017-12-19 20:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
    2018-04-21 22:33 - 2017-12-19 20:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
    2018-04-21 22:33 - 2017-12-19 20:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
    2018-04-21 22:33 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2018-04-21 22:33 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2018-04-21 22:33 - 2018-07-21 16:07 - 000854304 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2018-04-21 22:33 - 2018-08-08 17:43 - 001015072 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2018-04-21 22:33 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2018-04-21 22:35 - 2018-07-21 16:07 - 000854304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
    2018-04-21 22:35 - 2018-07-20 17:24 - 083524896 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
    2018-04-21 22:35 - 2018-07-20 17:24 - 003732256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
    2018-04-21 22:35 - 2018-07-20 17:24 - 000086304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
    2018-04-21 22:33 - 2018-07-03 16:58 - 000137504 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Reese\Downloads\19154174_1513014635.8778.jpg
    DNS Servers: 68.105.28.11 - 68.105.29.11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\StartupApproved\Run: => "Steam"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7B04E007-C8ED-4533-B2A8-BE5A5A7B37B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{DD55A11D-86E8-4A31-9735-D65427442328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{2A7C0699-5636-4651-9189-E44BF66800C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{55384B9E-5B46-4BF1-BCD4-D1B688594C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [UDP Query User{52A71C59-1769-4162-A979-5FCF54D11CEC}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
    FirewallRules: [TCP Query User{C44EEF62-D7BF-4360-9132-8A64852AAD3A}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
    FirewallRules: [{7BDC97F5-CCAC-4F1E-AFD4-81626B638A53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
    FirewallRules: [{2E133A4D-16AD-4E39-A2FC-37F01C509DC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
    FirewallRules: [{E23109CC-FA10-4BD0-B5F4-87C39A9A5AB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{EBBD0ADE-D332-4BAD-B345-196DE8A28CFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{2011AF3D-96D3-4132-A448-84BBF1424045}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
    FirewallRules: [{2795ECB4-41DB-48BA-AAE3-482151D3F1DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
    FirewallRules: [{4C314D8C-24CC-42CD-8482-31EFB189D3A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
    FirewallRules: [{BF84CD5D-6455-424F-B7C0-B18851AE5F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
    FirewallRules: [UDP Query User{FEB34F88-F66D-4043-85CD-3FEFF98D471F}C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe
    FirewallRules: [TCP Query User{B5EE831F-18D5-4B83-AD1D-099B1A88461C}C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe
    FirewallRules: [{5B511644-D967-406D-8DC1-F01E2BDDC2F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
    FirewallRules: [{AB4A275B-AF71-485F-95D4-0E337A366F28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
    FirewallRules: [UDP Query User{0830138D-2AC9-40EF-BE9D-0D61239776D8}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [TCP Query User{57F91F67-05D1-4DAA-ACCF-34B066C29675}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [{1CE9F0C7-8735-4472-AA86-99868318E956}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [{8581BA69-4BCB-4D9F-B146-CDF7C8BD01A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [UDP Query User{6C88ACEF-E30A-4E4B-BC1E-D647C666AA95}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [TCP Query User{52477928-F47C-4D38-AF58-A9AA5A3A5C71}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [{3E19C140-7317-4F30-93E8-06676FFEF0CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1_BE.exe
    FirewallRules: [{D17416EA-2453-4D3B-84DF-E5DA5DE88683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1_BE.exe
    FirewallRules: [UDP Query User{61B9A249-F8DC-48D6-A42F-A479F3A027D6}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
    FirewallRules: [TCP Query User{DF3C4A07-FA36-4A6B-9CB5-8D1CA71467F9}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
    FirewallRules: [{1E7B750B-81EC-422D-A595-62C484AD82D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{61C79233-22E8-4609-93F9-BAC31DF0E798}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{732649A6-2DC8-4D88-A458-EF107DB1FF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege - Test Server\RainbowSix.exe
    FirewallRules: [{7D9A2ED8-38CF-4D1E-B2EC-5D4101DB26C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege - Test Server\RainbowSix.exe
    FirewallRules: [UDP Query User{72E5A605-0ABE-4416-83B2-B0BE4241B781}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [TCP Query User{3CB2A997-6A2B-45C4-B9B4-4859B2EC6C20}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [UDP Query User{9830A86A-A6B0-4223-A12E-ED7760866D49}C:\users\reese\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\reese\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{CF6D285D-5A75-4C37-A9E7-D53D0D4454AD}C:\users\reese\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\reese\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{BF12927C-C43E-4D3B-83C6-8B4C4B40E320}C:\users\reese\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\reese\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{D07189F5-DDCF-4F92-95A3-79998D0C2ED4}C:\users\reese\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\reese\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{976C52DE-B505-4D20-9B1C-E27AD480800A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
    FirewallRules: [{3053B023-6043-48DE-BFD7-92033114F25C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
    FirewallRules: [{6ABA581B-2CD9-4729-9E7E-261EE049E7A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{5FC7D183-108C-48FB-B8B5-7F8160AE158A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [UDP Query User{BD484002-B5FE-42A2-96C7-524B96C680EA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
    FirewallRules: [TCP Query User{D3A68AC1-EBFE-416E-B06F-4F682EEAA3F2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
    FirewallRules: [{D0B8F332-1FA5-4DBF-BF8C-14BEB11DFF88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{3E5367C5-0063-496C-ADDA-0797D0AF8238}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{8F318838-BD33-4CCC-A1EF-FB827F0017DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7C188717-28CE-46C2-A8B7-C508957A3BD0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{6FB9FE24-316A-4D86-BB5D-9D3F40C5B728}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
    FirewallRules: [TCP Query User{77422E1F-3003-40F0-A6DE-D9F7B1981B78}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
    FirewallRules: [UDP Query User{D895B422-993A-4EEC-BFB8-A82DD410610E}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [TCP Query User{5480B75C-AD25-4692-BCDD-C86695C0C230}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [UDP Query User{2B78F8FC-BB73-4E5B-BD1B-2BB2A334D6AE}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
    FirewallRules: [TCP Query User{D8028DDA-57F1-40D5-9F09-F2DC0F872297}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
    FirewallRules: [{6D7DB7CE-E81F-41A8-B74F-880E93A77BB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{B4066791-2DE4-4356-9B7C-F9CF9BD9D0A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8698939E-8E99-4F5A-B08D-35A3E65CE625}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{E157E07D-35BE-4440-A3BB-A411BBD6E60C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{657D9AF8-FC52-4FD8-8FC8-FB4BA8D116E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    12-08-2018 09:05:10 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/12/2018 08:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WindowsInternal.ComposableShell.Experiences.TextInput.InputApp. version 10.0.17134.191 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2174

    Start Time: 01d432a26ac24c2b

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe

    Report Id: c665500b-8760-4faa-8b05-940e64595a6b

    Faulting package full name: InputApp_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Error: (08/12/2018 07:50:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program svchost.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 964

    Start Time: 01d4329aec5f9add

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\svchost.exe

    Report Id: 475d2965-9401-4436-8384-0f957dc7ade8

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/12/2018 07:41:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program PeopleExperienceHost.exe version 10.0.17134.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1340

    Start Time: 01d4329df671282d

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe

    Report Id: 6ef0c181-d970-474a-9e4f-390c49177912

    Faulting package full name: Microsoft.Windows.PeopleExperienceHost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Error: (08/12/2018 07:32:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program explorer.exe version 10.0.17134.165 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: dd0

    Start Time: 01d4329b278bea22

    Termination Time: 16661

    Application Path: C:\Windows\explorer.exe

    Report Id: 6e6befd2-8e8c-468d-b899-81c29c3d79d7

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/12/2018 06:58:08 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: DllHost (7792,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Reese\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 06:57:52 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: DllHost (7792,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Reese\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (08/12/2018 06:57:52 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: DllHost (7792,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Reese\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 06:57:42 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: DllHost (7792,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Reese\AppData\Local\Microsoft\Windows\WebCache\V01.log.


    System errors:
    =============
    Error: (08/13/2018 11:20:52 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:47 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:43 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:39 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:35 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:31 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:27 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 11:20:23 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Windows Defender:
    ===================================
    Date: 2018-07-30 09:30:22.629
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7248BF25-1C1D-496E-B80C-07070A769F16}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-30 09:00:27.058
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {84AFBA94-F676-4548-BC5F-DB59C7348FBC}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-20 13:00:17.631
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {34CFB09F-4BCB-4F59-AEB9-A0BA890782C6}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-07-20 09:38:09.340
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {82036E2F-9769-4DEC-AB95-6E1AF4A95A65}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-08 00:18:38.487
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {52C3CF40-AF92-4A00-B90E-10E669B2F580}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-08-12 19:42:08.210
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.1244.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-08-12 18:55:43.605
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.1244.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80070643
    Error description: Fatal error during installation.

    Date: 2018-07-30 12:40:40.913
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.541.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80070643
    Error description: Fatal error during installation.

    Date: 2018-07-30 12:19:05.765
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.541.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-07-26 23:20:22.302
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.273.413.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15100.1
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    CodeIntegrity:
    ===================================

    Date: 2018-07-30 08:56:25.871
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-30 08:56:25.777
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 13:32:39.996
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 13:32:39.996
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 11:27:04.289
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 11:27:03.682
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 11:26:49.543
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-07-27 11:26:49.455
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 41%
    Total physical RAM: 8149.87 MB
    Available physical RAM: 4734.61 MB
    Total Virtual: 15836.63 MB
    Available Virtual: 9092.46 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.96 GB) (Free:466.27 GB) NTFS

    \\?\Volume{75053ade-767f-4598-a230-977db565b8bf}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
    \\?\Volume{cf523b24-ee4c-475c-a531-02df13debb92}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 4C321CD5)

    Partition: GPT.

    ==================== End of Addition.txt ============================




    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
    Ran by Reese (administrator) on DESKTOP-NUVR1K4 (13-08-2018 11:18:26)
    Running from C:\Users\Reese\Downloads
    Loaded Profiles: Reese (Available Profiles: Reese)
    Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
    (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3710080 2018-08-08] (Webroot)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [Discord] => C:\Users\Reese\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [Spotify] => C:\Users\Reese\AppData\Roaming\Spotify\Spotify.exe [24528272 2018-08-11] (Spotify Ltd)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32973712 2018-07-26] (Epic Games, Inc.)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-02] (SUPERAntiSpyware)
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2018-07-20]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{583c05fe-52cc-4f2e-8ca8-b6a43610cdbb}: [DhcpNameServer] 10.0.1.1 10.0.1.3
    Tcpip\..\Interfaces\{cacc5e74-6fad-4799-8934-c45474276bee}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-3261630820-3560529749-1377153256-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
    SearchScopes: HKU\S-1-5-21-3261630820-3560529749-1377153256-1003 -> DefaultScope {954829F2-0CF6-4CB0-8383-FB42076D39FE} URL =
    SearchScopes: HKU\S-1-5-21-3261630820-3560529749-1377153256-1003 -> {954829F2-0CF6-4CB0-8383-FB42076D39FE} URL =
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2018-07-20] (Webroot)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2018-07-20] (Webroot)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2018-07-20] (Webroot)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2018-07-20] (Webroot)

    FireFox:
    ========
    FF DefaultProfile: 48jly527.default
    FF ProfilePath: C:\Users\Reese\AppData\Roaming\Mozilla\Firefox\Profiles\48jly527.default [2018-08-13]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FF_WEBEX
    FF Extension: (No Name) - C:\ProgramData\WRData\PKG\FF_WEBEX [2018-07-20]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default [2018-07-30]
    CHR Extension: (Slides) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
    CHR Extension: (Docs) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
    CHR Extension: (Google Drive) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
    CHR Extension: (YouTube) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
    CHR Extension: (Sheets) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-21]
    CHR Extension: (Google Docs Offline) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-21]
    CHR Extension: (Webroot Filtering Extension) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-07-26]
    CHR Extension: (Webroot Password Manager) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-07-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
    CHR Extension: (Gmail) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-21]
    CHR Extension: (Chrome Media Router) - C:\Users\Reese\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]
    CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atiesrxx.exe [481768 2018-03-23] (AMD)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-07-30] ()
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2018-06-18] (EasyAntiCheat Ltd)
    U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-05-30] (Hi-Rez Studios) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
    R2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3710080 2018-08-08] (Webroot)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmdag.sys [41595872 2018-03-23] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0326037.inf_amd64_6cad8aeb5717c52d\B326079\atikmpag.sys [546280 2018-03-23] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
    R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
    S4 EasyAntiCheatSys; C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [820928 2018-08-13] (EasyAntiCheat Oy)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
    R1 LeapdroidVMDrv; C:\Program Files\Leapdroid\VM\LeapdroidVMDrv.sys [300952 2018-05-04] (Leapdroid Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-07-20] (Malwarebytes)
    S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-02] (Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-02] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-02] (Malwarebytes)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7147888 2017-10-02] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
    R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-08-08] (Webroot)
    R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [68896 2018-07-20] (Webroot)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 11:18 - 2018-08-13 11:19 - 000015533 _____ C:\Users\Reese\Downloads\FRST.txt
    2018-08-13 11:18 - 2018-08-13 11:18 - 000000000 ____D C:\FRST
    2018-08-13 11:17 - 2018-08-13 11:17 - 002412544 _____ (Farbar) C:\Users\Reese\Downloads\FRST64.exe
    2018-08-13 11:17 - 2018-08-13 11:17 - 001773056 _____ (Farbar) C:\Users\Reese\Downloads\FRST.exe
    2018-08-12 21:31 - 2018-08-12 21:33 - 000000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 4
    2018-08-12 21:28 - 2018-08-12 21:28 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
    2018-08-12 21:27 - 2018-08-12 21:27 - 000000000 ____D C:\Users\Reese\AppData\Local\Blizzard Entertainment
    2018-08-12 21:26 - 2018-08-13 11:09 - 000000000 ____D C:\Users\Reese\AppData\Local\Battle.net
    2018-08-12 21:26 - 2018-08-12 21:28 - 000000000 ____D C:\Users\Reese\AppData\Roaming\Battle.net
    2018-08-12 21:26 - 2018-08-12 21:26 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2018-08-12 21:26 - 2018-08-12 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2018-08-12 21:25 - 2018-08-12 21:28 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-08-12 21:14 - 2018-08-12 21:14 - 000000000 ____D C:\Users\Reese\AppData\Local\Blizzard
    2018-08-12 21:13 - 2018-08-12 21:13 - 000000000 ____D C:\ProgramData\Battle.net
    2018-08-12 21:12 - 2018-08-12 21:13 - 004703728 _____ (Blizzard Entertainment) C:\Users\Reese\Downloads\Battle.net-Setup.exe
    2018-08-12 18:30 - 2018-08-12 18:30 - 558441022 _____ C:\WINDOWS\MEMORY.DMP
    2018-08-12 18:30 - 2018-08-12 18:30 - 000739428 _____ C:\WINDOWS\Minidump\081218-30843-01.dmp
    2018-08-12 12:28 - 2018-08-12 12:28 - 000000326 _____ C:\Users\Reese\Downloads\cursor(2).cur
    2018-08-12 12:25 - 2018-08-12 12:25 - 000000326 _____ C:\Users\Reese\Downloads\cursor(1).cur
    2018-08-10 18:01 - 2018-08-10 18:01 - 000000000 ____D C:\Users\Reese\Desktop\sdnjfshuifshudfsddf
    2018-07-30 19:04 - 2018-07-30 19:04 - 000000314 _____ C:\Users\Reese\Desktop\Fortnite.url
    2018-07-30 12:52 - 2018-07-30 12:53 - 005308052 _____ C:\Users\Reese\Downloads\PS4UPDATE(1).PUP.part
    2018-07-30 12:52 - 2018-07-30 12:52 - 000000000 _____ C:\Users\Reese\Downloads\PS4UPDATE(1).PUP
    2018-07-30 12:51 - 2018-07-30 12:54 - 460004352 _____ C:\Users\Reese\Downloads\PS4UPDATE.PUP
    2018-07-27 12:30 - 2018-07-27 12:30 - 000043444 _____ C:\Users\Reese\Documents\cc_20180727_123044.reg
    2018-07-27 12:26 - 2018-08-11 20:02 - 000000000 ____D C:\Program Files\CCleaner
    2018-07-27 12:26 - 2018-07-30 12:21 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-07-27 12:26 - 2018-07-27 12:26 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2018-07-27 12:26 - 2018-07-27 12:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-07-27 12:26 - 2018-07-27 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2018-07-27 12:25 - 2018-07-27 12:25 - 016624376 _____ (Piriform Ltd) C:\Users\Reese\Downloads\ccsetup545pro.exe
    2018-07-27 11:37 - 2018-08-13 11:14 - 000000000 ____D C:\Users\Reese\AppData\LocalLow\Mozilla
    2018-07-27 11:37 - 2018-08-11 20:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-07-27 11:37 - 2018-08-11 20:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-07-27 11:37 - 2018-08-11 20:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-07-27 11:37 - 2018-07-27 11:38 - 000000000 ____D C:\Users\Reese\AppData\Local\Mozilla
    2018-07-27 11:37 - 2018-07-27 11:37 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
    2018-07-27 11:37 - 2018-07-27 11:37 - 000000000 ____D C:\Users\Reese\AppData\Roaming\Mozilla
    2018-07-27 11:36 - 2018-07-27 11:36 - 000313776 _____ (Mozilla) C:\Users\Reese\Downloads\Firefox Installer.exe
    2018-07-27 08:07 - 2018-08-02 23:23 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-07-26 21:37 - 2018-07-26 21:37 - 000195346 _____ C:\Users\Reese\Downloads\wu170509 (1).diagcab
    2018-07-26 21:36 - 2018-07-26 21:36 - 000195346 _____ C:\Users\Reese\Downloads\wu170509.diagcab
    2018-07-26 21:35 - 2018-07-26 21:35 - 000000558 _____ C:\Users\Reese\Downloads\IEBrowseWebDiagnostic.diagcab
    2018-07-26 19:56 - 2018-07-14 01:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-07-26 19:56 - 2018-07-13 23:01 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-07-26 19:56 - 2018-07-13 23:00 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-07-26 19:55 - 2018-07-14 19:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-07-26 19:55 - 2018-07-14 19:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-07-26 19:55 - 2018-07-14 19:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-07-26 19:55 - 2018-07-14 19:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-07-26 19:55 - 2018-07-14 19:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2018-07-26 19:55 - 2018-07-14 19:38 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-07-26 19:55 - 2018-07-14 18:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-07-26 19:55 - 2018-07-14 18:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-07-26 19:55 - 2018-07-14 18:13 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-07-26 19:55 - 2018-07-14 01:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-07-26 19:55 - 2018-07-13 23:23 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-07-26 19:55 - 2018-07-13 23:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2018-07-26 19:55 - 2018-07-13 23:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2018-07-26 19:55 - 2018-07-13 23:19 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-07-26 19:55 - 2018-07-13 23:18 - 007436112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-07-26 19:55 - 2018-07-13 23:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-07-26 19:55 - 2018-07-13 23:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2018-07-26 19:55 - 2018-07-13 23:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-07-26 19:55 - 2018-07-13 23:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-07-26 19:55 - 2018-07-13 23:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2018-07-26 19:55 - 2018-07-13 23:15 - 006044112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-07-26 19:55 - 2018-07-13 23:08 - 022006784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-07-26 19:55 - 2018-07-13 23:03 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-07-26 19:55 - 2018-07-13 23:03 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-07-26 19:55 - 2018-07-13 22:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-07-26 19:55 - 2018-07-13 22:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-07-26 19:55 - 2018-07-13 22:58 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-07-26 19:55 - 2018-07-13 22:58 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-07-26 19:55 - 2018-07-13 22:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-07-26 19:55 - 2018-07-13 22:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-07-26 19:55 - 2018-07-13 22:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2018-07-26 19:55 - 2018-07-13 22:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2018-07-26 19:55 - 2018-07-13 22:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-07-26 19:55 - 2018-07-13 22:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
    2018-07-26 19:55 - 2018-07-13 22:55 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-07-26 19:55 - 2018-07-13 22:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-07-26 19:55 - 2018-07-13 22:54 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-07-26 19:55 - 2018-07-13 22:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-07-26 19:55 - 2018-07-13 22:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-07-26 19:55 - 2018-07-13 22:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-07-26 19:55 - 2018-07-13 22:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-07-26 19:55 - 2018-07-13 22:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-07-26 19:55 - 2018-07-13 22:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-07-26 19:55 - 2018-07-13 22:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2018-07-26 19:55 - 2018-07-13 22:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-07-26 19:55 - 2018-07-13 22:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-07-26 19:55 - 2018-07-13 22:51 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-07-26 19:55 - 2018-07-13 22:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-07-26 19:55 - 2018-07-13 22:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-07-26 19:54 - 2018-07-14 19:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-07-26 19:54 - 2018-07-14 19:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-07-26 19:54 - 2018-07-14 19:38 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-07-26 19:54 - 2018-07-14 19:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-07-26 19:54 - 2018-07-14 18:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-07-26 19:54 - 2018-07-14 18:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-07-26 19:54 - 2018-07-13 23:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-07-26 19:54 - 2018-07-13 23:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2018-07-26 19:54 - 2018-07-13 23:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2018-07-26 19:54 - 2018-07-13 23:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-07-26 19:54 - 2018-07-13 23:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2018-07-26 19:54 - 2018-07-13 23:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2018-07-26 19:54 - 2018-07-13 23:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-07-26 19:54 - 2018-07-13 23:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-07-26 19:54 - 2018-07-13 23:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-07-26 19:54 - 2018-07-13 23:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-07-26 19:54 - 2018-07-13 23:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-07-26 19:54 - 2018-07-13 23:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-07-26 19:54 - 2018-07-13 22:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-07-26 19:54 - 2018-07-13 22:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-07-26 19:54 - 2018-07-13 22:54 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-07-26 19:54 - 2018-07-13 22:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-07-26 19:54 - 2018-07-13 22:53 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
    2018-07-26 19:54 - 2018-07-13 22:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-07-26 19:54 - 2018-07-13 22:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
    2018-07-26 19:54 - 2018-07-13 22:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-07-26 19:54 - 2018-07-13 22:52 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-07-26 19:54 - 2018-07-13 22:52 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-07-26 19:54 - 2018-07-13 22:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2018-07-26 19:54 - 2018-07-13 22:50 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-07-26 19:54 - 2018-07-13 22:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2018-07-26 19:54 - 2018-07-13 22:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2018-07-26 19:54 - 2018-07-13 22:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2018-07-26 19:54 - 2018-07-13 22:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-07-26 19:53 - 2018-07-13 23:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-07-26 19:53 - 2018-07-13 23:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-07-26 19:53 - 2018-07-13 23:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2018-07-26 19:53 - 2018-07-13 22:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-07-26 19:53 - 2018-07-13 22:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-07-26 19:53 - 2018-07-13 22:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2018-07-26 19:53 - 2018-07-13 22:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-07-26 19:53 - 2018-07-13 22:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-07-26 19:53 - 2018-07-13 22:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2018-07-26 19:53 - 2018-07-13 22:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-07-26 19:52 - 2018-07-14 19:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-07-26 19:52 - 2018-07-14 19:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2018-07-26 19:52 - 2018-07-14 19:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
    2018-07-26 19:52 - 2018-07-14 19:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-07-26 19:52 - 2018-07-14 19:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-07-26 19:52 - 2018-07-14 19:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-07-26 19:52 - 2018-07-14 18:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2018-07-26 19:52 - 2018-07-14 18:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-07-26 19:52 - 2018-07-14 18:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-07-26 19:52 - 2018-07-13 23:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-07-26 19:52 - 2018-07-13 23:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-07-26 19:52 - 2018-07-13 23:30 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-07-26 19:52 - 2018-07-13 23:24 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-07-26 19:52 - 2018-07-13 23:23 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-07-26 19:52 - 2018-07-13 23:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2018-07-26 19:52 - 2018-07-13 23:21 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-07-26 19:52 - 2018-07-13 23:21 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-07-26 19:52 - 2018-07-13 23:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-07-26 19:52 - 2018-07-13 23:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2018-07-26 19:52 - 2018-07-13 23:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-07-26 19:52 - 2018-07-13 23:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2018-07-26 19:52 - 2018-07-13 23:20 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-07-26 19:52 - 2018-07-13 23:19 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-07-26 19:52 - 2018-07-13 23:19 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-07-26 19:52 - 2018-07-13 23:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2018-07-26 19:52 - 2018-07-13 23:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-07-26 19:52 - 2018-07-13 23:18 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-07-26 19:52 - 2018-07-13 23:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2018-07-26 19:52 - 2018-07-13 23:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2018-07-26 19:52 - 2018-07-13 23:17 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-07-26 19:52 - 2018-07-13 23:17 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-07-26 19:52 - 2018-07-13 23:17 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-07-26 19:52 - 2018-07-13 23:15 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-07-26 19:52 - 2018-07-13 23:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-07-26 19:52 - 2018-07-13 23:15 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-07-26 19:52 - 2018-07-13 23:15 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-07-26 19:52 - 2018-07-13 22:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-07-26 19:52 - 2018-07-13 22:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-07-26 19:52 - 2018-07-13 22:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-07-26 19:52 - 2018-07-13 22:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-07-26 19:52 - 2018-07-13 22:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2018-07-26 19:52 - 2018-07-13 22:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2018-07-26 19:52 - 2018-07-13 22:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2018-07-26 19:52 - 2018-07-13 22:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2018-07-26 19:52 - 2018-07-13 22:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
    2018-07-26 19:52 - 2018-07-13 22:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-07-26 19:52 - 2018-07-13 22:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2018-07-26 19:52 - 2018-07-13 22:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2018-07-26 19:52 - 2018-07-13 22:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-07-26 19:52 - 2018-07-13 22:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2018-07-26 19:52 - 2018-07-13 22:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-07-26 19:52 - 2018-07-13 22:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-07-26 19:52 - 2018-07-13 22:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2018-07-26 19:51 - 2018-07-14 19:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-07-26 19:51 - 2018-07-14 19:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-07-26 19:51 - 2018-07-14 19:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-07-26 19:51 - 2018-07-14 18:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-07-26 19:51 - 2018-07-14 18:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-07-26 19:51 - 2018-07-14 18:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-07-26 19:51 - 2018-07-14 18:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-07-26 19:51 - 2018-07-13 22:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
    2018-07-26 19:51 - 2018-07-13 22:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-07-26 19:51 - 2018-07-13 22:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-07-26 19:51 - 2018-07-13 22:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-07-26 19:51 - 2018-07-13 22:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-07-26 19:51 - 2018-07-13 22:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
    2018-07-26 19:51 - 2018-07-13 22:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-07-26 19:51 - 2018-07-13 22:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
    2018-07-26 19:51 - 2018-07-13 22:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2018-07-26 19:51 - 2018-07-13 22:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-07-26 19:51 - 2018-07-13 22:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-07-26 19:51 - 2018-07-13 22:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2018-07-26 19:51 - 2018-07-13 22:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-07-26 19:51 - 2018-07-13 22:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2018-07-26 19:51 - 2018-07-13 22:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
    2018-07-26 19:51 - 2018-07-13 22:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
    2018-07-26 19:51 - 2018-07-13 22:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2018-07-26 19:51 - 2018-07-13 22:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
    2018-07-26 19:51 - 2018-07-13 22:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2018-07-26 19:51 - 2018-07-13 22:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-07-26 19:51 - 2018-07-13 21:35 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-07-20 18:51 - 2018-07-20 21:11 - 000000000 ____D C:\Users\Reese\AppData\LocalLow\LastPass
    2018-07-20 16:19 - 2018-07-20 16:19 - 000000000 ____D C:\Users\Reese\AppData\LocalLow\webroot
    2018-07-20 16:19 - 2018-07-20 16:19 - 000000000 ____D C:\Users\Reese\AppData\Local\lptmp
    2018-07-20 16:18 - 2018-08-12 21:13 - 000000000 ____D C:\ProgramData\WRData
    2018-07-20 16:18 - 2018-08-12 19:16 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2018-07-20 16:18 - 2018-08-12 19:16 - 000230592 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2018-07-20 16:18 - 2018-08-08 23:36 - 000128216 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
    2018-07-20 16:18 - 2018-07-20 16:18 - 000068896 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
    2018-07-20 16:18 - 2018-07-20 16:18 - 000000120 _____ C:\Users\Reese\Downloads\SecurityProductInformation.ini
    2018-07-20 16:18 - 2018-07-20 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2018-07-20 16:18 - 2018-07-20 16:18 - 000000000 ____D C:\Program Files\Webroot
    2018-07-20 16:17 - 2018-07-20 16:17 - 003688336 _____ (Webroot) C:\Users\Reese\Downloads\wsabbs2.exe
    2018-07-20 16:16 - 2018-07-20 16:16 - 000000000 ____D C:\Users\Reese\AppData\Roaming\Macromedia
    2018-07-20 15:56 - 2018-07-31 17:51 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
    2018-07-20 15:39 - 2018-08-02 13:58 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-07-20 15:38 - 2018-08-12 19:18 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-07-20 15:38 - 2018-08-02 13:58 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-07-20 15:38 - 2018-07-20 15:38 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-07-20 15:38 - 2018-07-20 15:38 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-07-20 15:38 - 2018-07-20 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-07-20 15:38 - 2018-07-20 15:38 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-07-20 15:38 - 2018-07-20 15:38 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-07-20 15:38 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-07-20 14:47 - 2018-08-13 08:36 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{858649E6-8F60-4663-8856-949C0BC3FE7B}
    2018-07-20 14:21 - 2018-07-20 14:21 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2018-07-20 14:21 - 2018-07-20 14:21 - 000000000 ____D C:\Users\Reese\AppData\Roaming\SUPERAntiSpyware.com
    2018-07-20 14:21 - 2018-07-20 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2018-07-20 14:20 - 2018-07-20 14:21 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-07-20 14:20 - 2018-07-20 14:20 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-07-20 14:18 - 2018-07-20 14:18 - 034588048 _____ (SUPERAntiSpyware) C:\Users\Reese\Downloads\SUPERAntiSpyware.exe
    2018-07-20 13:46 - 2018-07-20 13:46 - 000000017 _____ C:\Users\Reese\AppData\Local\resmon.resmoncfg
    2018-07-20 12:16 - 2018-07-12 23:34 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-07-20 12:16 - 2018-07-12 23:32 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-07-20 12:16 - 2018-07-12 23:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-07-20 12:16 - 2018-07-12 22:59 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-07-20 12:16 - 2018-07-11 05:23 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-07-20 12:16 - 2018-07-11 04:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-07-20 08:56 - 2018-08-12 18:30 - 000000000 ____D C:\WINDOWS\Minidump
    2018-07-19 20:30 - 2018-07-19 20:30 - 000748192 _____ (TechGuy, Inc.) C:\Users\Reese\Downloads\SysInfo (1).exe
    2018-07-19 20:29 - 2018-07-19 20:29 - 000748192 _____ (TechGuy, Inc.) C:\Users\Reese\Downloads\SysInfo.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 11:17 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-08-13 11:14 - 2018-04-26 16:10 - 000000000 ____D C:\Users\Reese\AppData\Local\Spotify
    2018-08-13 10:42 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-08-13 07:43 - 2018-04-26 16:07 - 000000000 ____D C:\Users\Reese\AppData\Roaming\Spotify
    2018-08-13 06:43 - 2018-06-18 04:07 - 000820928 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
    2018-08-12 22:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-08-12 21:26 - 2018-06-23 20:12 - 000000000 ____D C:\Users\Reese\AppData\Local\D3DSCache
    2018-08-12 21:07 - 2018-04-21 22:29 - 000000000 ____D C:\Program Files (x86)\Steam
    2018-08-12 19:17 - 2018-05-05 16:29 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2018-08-12 19:16 - 2018-06-23 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-08-12 19:16 - 2018-06-23 18:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-08-12 02:02 - 2018-07-09 20:00 - 000000000 ____D C:\Users\Reese\AppData\Local\ElevatedDiagnostics
    2018-08-11 20:51 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-08-11 20:07 - 2018-04-21 19:06 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-08-11 19:16 - 2018-06-23 18:45 - 000000000 ____D C:\Users\Reese
    2018-08-09 17:53 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-08-09 17:53 - 2018-03-29 15:38 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-08-08 18:56 - 2018-06-23 20:08 - 000005592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-08-08 05:25 - 2018-06-23 20:13 - 000000000 ____D C:\ProgramData\Packages
    2018-07-30 19:05 - 2018-04-22 16:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-07-30 10:51 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-07-30 09:55 - 2018-04-22 09:59 - 000000000 ____D C:\Users\Reese\AppData\Local\Packages
    2018-07-30 09:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SystemApps
    2018-07-30 09:41 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-07-27 12:28 - 2018-06-21 20:21 - 000000000 ___DC C:\WINDOWS\Panther
    2018-07-27 12:28 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2018-07-26 21:48 - 2018-06-23 18:42 - 000242168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-07-26 21:46 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-07-26 21:40 - 2018-04-22 09:56 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
    2018-07-26 19:42 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-07-26 17:51 - 2018-06-23 20:11 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3261630820-3560529749-1377153256-1003
    2018-07-26 17:51 - 2018-06-23 18:45 - 000002367 _____ C:\Users\Reese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-07-26 17:51 - 2018-04-22 10:00 - 000000000 ___RD C:\Users\Reese\OneDrive
    2018-07-20 09:21 - 2018-04-23 18:59 - 000000000 ____D C:\Users\Reese\AppData\Roaming\discord
    2018-07-18 17:49 - 2018-04-22 15:43 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2018-07-20 16:19 - 2018-07-20 16:19 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2018-07-20 13:46 - 2018-07-20 13:46 - 000000017 _____ () C:\Users\Reese\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-23 18:42

    ==================== End of FRST.txt ============================
     
  8. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Great! I will begin reviewing your logs and get back to you :).
     
  9. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Thank you, I will be leaving out of town tomorrow but will be back Wednesday.
     
  10. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Okay, perfect. Appreciate the heads up. There will be more instructions waiting for you upon your return.
     
  11. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Joeicam, I’m back from out of town.
     
  12. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Okay, perfect. I will get back to you either today, or tomorrow :).
     
  13. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi KVP! Looks like Malwarebytes and Superantispyware did a good job at removing a lot of the malicious items. Please continue with the steps below:

    Based off of the most recent information about CCleaner, I would say go ahead and uninstall it. However, if you wish to keep it, keep this warning in mind:

    ***Registry Cleaner Warning***

    You have the following Registry Cleaners installed: CCleaner

    This kind of program can be good for your PC, but take caution with the registry cleaner portion of the application. A registry cleaner will not increase your system's speed or performance, but it can damage your Registry, which can lead to an unbootable machine.

    Please read this article for more information.


    Step 1 of 2: Clean with AdwCleaner

    Download AdwCleaner from here. Save the file to the desktop.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    • Click the Scan Now button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Scan results - "Clean & Repair" will remove the selected threats from your computer.
    • Click the Clean & Repair button.
    • Everything checked will be moved to Quarantine.
    • Click on Clean & Restart Now

    On reboot a screen similar to the one below will be displayed.

    Click on "View Log File" and copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\Logs\AdwCleaner[C00].txt

    Step 2 of 2: Scan with Malwarebytes

    Since you already have Malwarebytes installed, open it up as you did before, and follow the directions below:
    • On the Dashboard screen, click the blue Scan Now button.
    • Wait for Malwarebytes Anti-Malware to finish the scan
    • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
    • Once the deletion is done (or after reboot), go to Reports, put a check-mark next to the most current Scan Report and click View Report.
    • Click Export, then click Copy to Clipboard.
    • Paste (CTRL+V) the log into your next reply.

    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The copied and pasted contents of the Adwcleaner log file
    • The copied and pasted contents of the Malwarebytes log
     
  14. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.2.0
    # -------------------------------
    # Build: 07-17-2018
    # Database: 2018-08-16.1
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 08-16-2018
    # Duration: 00:02:49
    # OS: Windows 10 Home
    # Cleaned: 3
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    Deleted C:\Users\Reese\Downloads\SysInfo.exe

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted Ask
    Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1324 octets] - [16/08/2018 10:18:25]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  15. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi KVP, do you have the log from Malwarebytes? (Step 2)
     
Short URL to this thread: https://techguy.org/1213202
