
Youtube and Game Issues


  • This topic is locked
57 replies to this topic

#1 kittensmittens00

kittensmittens00

  • Members
  • 38 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 19 July 2018 - 03:49 PM

I'm running on an HP Windows 8 laptop, not sure exactly what version.
I'm on my friend's laptop. Her computer was running slow, so I decided to do a couple of things to fix it. I'm no computer expert, more of a Google expert, so I probably made some mistakes. I used some software by IOBit (an advanced cleaner because disk cleanup wasn't working, a force uninstaller because of malware that wouldn't uninstall, and a driver updater...to update drivers).
After I did that, her computer ran fine for a while. But the next morning, it received an update. After that, her YouTube began to load very slowly, and sometimes not at all, and online games began to lag. Any ideas on how to fix this? I've tried disabling hardware acceleration, using a different browser (which worked for Internet Explorer but not Firefox. By the way, her main browser is Chrome.) It also seemed to work in incognito mode, so I removed all of her sketchy extensions, and it worked for a while, but then started up again. The same thing happened when I disabled hardware acceleration.

 

Any ideas on how to fix it?

Edit: The computer updates every time it restarts. I'm not sure if it's because the update isn't installing properly or not. Also, when trying to access YouTube, a message appears saying "If your video doesn't load soon, try restarting your device." (Which doesn't work.) Oh, and when trying to watch videos on other sites, it seems to work fine.


Edited by Chris Cosgrove, 19 July 2018 - 05:14 PM.
Moved from Win 8/8.1 to Virus, malware, etc.



 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:10 AM

Posted 24 July 2018 - 11:31 AM

Hi kittensmittens00 :)
 
My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours. If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text into your replies to me.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started:

 

Good job providing details about your computer; however, before I can help you get your computer back up to speed, you will need to do the following:

  • Please click on this link and follow the detailed directions starting at step 6
  • Download and run the Farbar Recovery Scan Tool also known as FRST
  • Copy and paste the logs, FRST.txt and Addition.txt into your next reply to me

Let me know if you have any questions.
 
polskamachina



#3 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 25 July 2018 - 04:40 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by michelle (administrator) on MICHELLESCUTE (25-07-2018 17:34:02)
Running from C:\Users\michelle\Downloads
Loaded Profiles: michelle (Available Profiles: michelle & Chase & Kayla & Administrator & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\michelle\Desktop\DeSmuME_0.9.11_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1157344 2015-07-09] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1120\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{3FDBC09C-99AB-4A73-B303-869E5AE9F34F}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{44449148-2BEF-4758-9A26-F0FBBB14BAED}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)

FireFox:
========
FF DefaultProfile: c8a1h0yk.default-1532054534234
FF ProfilePath: C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\c8a1h0yk.default-1532054534234 [2018-07-25]
FF Session Restore: Mozilla\Firefox\Profiles\c8a1h0yk.default-1532054534234 -> is enabled.
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-03] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default [2018-07-19]
CHR Extension: (Docs) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-23]
CHR Extension: (YouTube) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-07-18] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-07-18] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-07-18] (REALiX™)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2541200 2018-07-18] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329664 2018-07-19] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9112792 2018-07-18] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2018-07-18] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2018-07-18] (HP)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 17:34 - 2018-07-25 17:35 - 000014898 _____ C:\Users\michelle\Downloads\FRST.txt
2018-07-25 17:33 - 2018-07-25 17:34 - 000000000 ____D C:\FRST
2018-07-25 17:29 - 2018-07-25 17:29 - 002412544 _____ (Farbar) C:\Users\michelle\Downloads\FRST64.exe
2018-07-19 22:45 - 2018-07-19 22:45 - 000001367 _____ C:\Users\michelle\Desktop\Roblox Player.lnk
2018-07-19 22:45 - 2018-07-19 22:45 - 000001182 _____ C:\Users\michelle\Desktop\Roblox Studio.lnk
2018-07-19 22:44 - 2018-07-19 22:44 - 000822328 _____ (Roblox Corporation) C:\Users\michelle\Downloads\RobloxPlayerLauncher(1).exe
2018-07-19 22:42 - 2018-07-19 22:42 - 000000000 ____D C:\Users\michelle\Desktop\Old Firefox Data
2018-07-19 22:38 - 2018-07-19 22:38 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-19 22:38 - 2018-07-19 22:38 - 000000936 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-07-19 22:38 - 2018-07-19 22:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-19 22:38 - 2018-07-19 22:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-19 22:32 - 2018-07-19 22:32 - 000003232 _____ C:\WINDOWS\System32\Tasks\{60D885FD-F0DC-4221-9301-8F7D7230F4A9}
2018-07-19 22:29 - 2018-07-19 22:29 - 000454608 _____ (Mozilla Corporation) C:\Users\michelle\Downloads\firefox.exe
2018-07-19 15:42 - 2018-07-19 15:51 - 000000000 ____D C:\Program Files (x86)\Driver Downloader
2018-07-19 15:41 - 2018-07-19 15:41 - 004421304 _____ (PDE Publications Limited ) C:\Users\michelle\Downloads\driver_downloader.exe
2018-07-19 15:40 - 2018-07-19 15:40 - 000329664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-07-19 15:30 - 2018-07-24 14:46 - 000000000 ____D C:\Users\michelle\AppData\LocalLow\Mozilla
2018-07-19 15:30 - 2018-07-19 21:50 - 000000000 ____D C:\Users\michelle\AppData\Local\Mozilla
2018-07-19 15:30 - 2018-07-19 15:30 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Mozilla
2018-07-19 15:25 - 2018-07-19 15:25 - 000313776 _____ (Mozilla) C:\Users\michelle\Downloads\Firefox Installer.exe
2018-07-19 15:14 - 2018-07-19 15:14 - 000822328 _____ (Roblox Corporation) C:\Users\michelle\Downloads\RobloxPlayerLauncher (2).exe
2018-07-19 13:11 - 2018-06-20 16:01 - 007398232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-19 13:11 - 2018-06-20 15:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-19 13:11 - 2018-06-20 15:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-19 13:11 - 2018-06-20 14:48 - 000095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-07-19 13:11 - 2018-06-20 14:48 - 000027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000092672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-07-19 13:11 - 2018-06-14 23:01 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-07-19 13:11 - 2018-06-12 04:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-19 13:11 - 2018-06-12 03:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-19 13:11 - 2018-06-11 12:55 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-19 13:11 - 2018-06-11 12:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-07-19 13:11 - 2018-06-11 12:14 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-19 13:11 - 2018-06-11 12:06 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-19 13:11 - 2018-06-11 12:04 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-19 13:11 - 2018-06-11 11:39 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-07-19 13:11 - 2018-06-11 11:36 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-19 13:11 - 2018-06-11 11:31 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-19 13:11 - 2018-06-11 11:22 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-19 13:11 - 2018-06-11 11:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-19 13:11 - 2018-06-11 10:59 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-19 13:11 - 2018-06-09 12:40 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-19 13:11 - 2018-06-09 12:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-07-19 13:11 - 2018-06-09 12:09 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-19 13:11 - 2018-06-09 11:59 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-19 13:11 - 2018-06-09 11:37 - 004496384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-19 13:11 - 2018-06-09 11:37 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-07-19 13:11 - 2018-06-09 11:36 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-19 13:11 - 2018-06-09 11:32 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-19 13:11 - 2018-06-09 11:11 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-19 13:11 - 2018-06-09 11:08 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-19 13:11 - 2018-06-09 11:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-19 13:11 - 2018-06-08 22:47 - 002176072 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-19 13:11 - 2018-06-08 21:44 - 001565528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-19 13:11 - 2018-06-08 14:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-19 13:11 - 2018-06-08 13:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-19 13:11 - 2018-06-08 13:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-07-19 13:11 - 2018-06-08 13:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-19 13:11 - 2018-06-08 12:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-19 13:11 - 2018-06-07 14:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-19 13:11 - 2018-05-24 17:29 - 002449752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-19 13:11 - 2018-05-24 17:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-07-19 13:11 - 2018-05-15 04:42 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-07-19 13:11 - 2018-05-03 19:02 - 000439640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2018-07-19 13:11 - 2018-05-03 19:02 - 000325456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-07-19 13:11 - 2018-05-03 19:02 - 000187728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2018-07-19 13:11 - 2018-04-26 09:43 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000065880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000021848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000018776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000015192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000013152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000063832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000020824 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000019288 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000016216 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000014168 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-19 13:11 - 2018-04-25 13:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-18 18:41 - 2018-06-12 15:01 - 000149632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-18 18:41 - 2018-06-08 09:15 - 002860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-18 18:41 - 2018-06-08 09:15 - 001602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-18 15:56 - 2018-07-18 15:56 - 000000000 ____D C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-07-18 15:54 - 2018-07-18 15:54 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2018-07-18 15:54 - 2018-07-18 15:54 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Sun
2018-07-18 15:44 - 2018-07-19 00:00 - 000000000 ____D C:\Users\michelle\AppData\Local\CrashDumps
2018-07-18 15:04 - 2018-07-18 15:04 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-07-18 15:04 - 2018-07-18 15:04 - 001071552 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2018-07-18 15:04 - 2018-07-18 15:04 - 000122816 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2018-07-18 15:03 - 2018-07-18 15:03 - 000003174 _____ C:\WINDOWS\System32\Tasks\RtHDVBg
2018-07-18 15:02 - 2018-07-18 15:02 - 000003148 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-07-18 15:00 - 2018-07-18 15:00 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-07-18 14:53 - 2018-07-18 14:53 - 006173640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-07-18 14:53 - 2018-07-18 14:53 - 003417968 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 003214672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 003128768 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001328360 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001266352 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001178240 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001133560 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000994648 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000541072 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000381368 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000266512 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000174904 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000023656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET5CE7.tmp
2018-07-18 14:52 - 2018-07-18 14:53 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET16D4.tmp
2018-07-18 14:52 - 2018-07-18 14:52 - 003632464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 003452120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 002939728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 001353280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000692128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000392840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000327232 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000093872 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-07-18 14:51 - 2018-07-18 14:51 - 072520672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-07-18 14:51 - 2018-07-18 14:51 - 013687502 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-07-18 14:51 - 2018-07-18 14:51 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-07-18 14:51 - 2018-07-18 14:51 - 000000000 ____D C:\Program Files (x86)\HP
2018-07-18 14:50 - 2018-07-18 14:50 - 000031656 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2018-07-18 14:49 - 2018-07-18 14:49 - 002541200 _____ (MediaTek Inc.) C:\WINDOWS\system32\Drivers\netr28x.sys
2018-07-18 14:49 - 2018-07-18 14:49 - 000334992 _____ (Mediatek Inc.) C:\WINDOWS\system32\SET841E.tmp
2018-07-18 14:49 - 2018-07-18 14:49 - 000016103 _____ C:\WINDOWS\system32\RaCoInst.dat
2018-07-18 14:48 - 2018-07-18 14:48 - 009112792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2018-07-18 14:48 - 2018-07-18 14:48 - 000497368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2018-07-18 14:48 - 2018-07-18 14:48 - 000440024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2018-07-18 14:48 - 2018-07-18 14:48 - 000164056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtsCM64.exe
2018-07-18 14:47 - 2018-07-18 14:47 - 002628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2018-07-18 14:42 - 2018-07-18 14:42 - 000186424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2018-07-18 14:37 - 2018-07-18 14:37 - 000000000 ____D C:\WINDOWS\IObit
2018-07-18 14:36 - 2018-07-19 22:03 - 000002902 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (michelle)
2018-07-18 14:36 - 2018-07-18 14:36 - 000027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2018-07-18 14:34 - 2018-07-18 14:34 - 020979376 _____ (IObit ) C:\Users\michelle\Downloads\driver_booster_setup.exe
2018-07-18 14:24 - 2018-07-19 22:20 - 000000000 ____D C:\Program Files (x86)\IObit
2018-07-18 14:24 - 2018-07-19 22:17 - 000000000 ____D C:\ProgramData\ProductData
2018-07-18 14:24 - 2018-07-19 21:53 - 000000000 ____D C:\Users\michelle\AppData\Roaming\IObit
2018-07-18 14:24 - 2018-07-18 15:56 - 000000000 ____D C:\Users\michelle\AppData\LocalLow\IObit
2018-07-18 14:24 - 2018-07-18 15:56 - 000000000 ____D C:\ProgramData\IObit
2018-07-18 14:23 - 2018-07-18 14:23 - 015388056 _____ (IObit ) C:\Users\michelle\Downloads\iobituninstaller.exe
2018-07-18 14:12 - 2018-07-18 14:12 - 007197480 _____ (VS Revo Group ) C:\Users\michelle\Downloads\revosetup.exe
2018-07-18 14:09 - 2018-07-18 14:09 - 002673664 _____ C:\Users\michelle\Downloads\MssUninstaller.exe
2018-07-18 14:02 - 2018-07-18 14:03 - 000301724 _____ C:\Users\michelle\Downloads\mlp-castle-background-5.pdn
2018-07-18 14:00 - 2018-07-18 14:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-18 13:58 - 2018-07-18 13:59 - 075607840 _____ (Malwarebytes ) C:\Users\michelle\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5935.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 17:33 - 2018-04-18 13:23 - 000001819 _____ C:\Users\michelle\Desktop\desmume.ini
2018-07-25 17:31 - 2014-11-08 10:52 - 000003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C8F8098-B092-49DA-AD38-EC53BB7CED98}
2018-07-24 20:18 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-07-24 14:45 - 2014-11-08 10:52 - 000000000 ___DO C:\Users\michelle\OneDrive
2018-07-24 14:43 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-23 11:07 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-22 10:36 - 2014-11-08 08:58 - 000000000 ____D C:\Users\michelle
2018-07-20 10:53 - 2014-07-09 16:20 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3472437596-12229158-1782212312-1001
2018-07-19 22:45 - 2014-10-25 14:42 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-07-19 22:45 - 2014-08-31 15:54 - 000000249 _____ C:\Users\michelle\AppData\LocalLow\rbxcsettings.rbx
2018-07-19 22:16 - 2015-12-20 20:15 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-07-19 21:52 - 2014-07-10 22:04 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-19 17:39 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-07-19 17:21 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-19 16:38 - 2014-09-24 03:15 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-19 16:31 - 2013-08-22 10:44 - 000351656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-19 16:23 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-07-19 12:40 - 2018-05-08 13:57 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-07-19 00:01 - 2014-07-09 21:47 - 000000000 ____D C:\Users\michelle\AppData\Local\ElevatedDiagnostics
2018-07-18 23:10 - 2014-12-14 22:20 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-18 16:04 - 2017-12-18 19:18 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-18 16:04 - 2017-12-18 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-18 16:04 - 2017-07-27 22:21 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2018-07-18 16:04 - 2014-10-24 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Avast Free Antivirus and Options
2018-07-18 16:02 - 2015-12-03 18:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-07-18 15:55 - 2014-07-24 11:51 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-18 15:54 - 2014-08-04 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 15:52 - 2014-08-04 16:14 - 000300408 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2018-07-18 15:52 - 2014-08-04 16:14 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-18 15:51 - 2014-08-04 16:15 - 000000000 ____D C:\ProgramData\Oracle
2018-07-18 15:40 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-07-18 14:58 - 2014-11-08 08:44 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-07-18 14:08 - 2016-05-13 16:54 - 000000000 ____D C:\Users\michelle\AppData\Local\AVAST Software
2018-07-18 14:08 - 2014-10-24 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-17 12:13 - 2014-10-24 19:32 - 000000000 ____D C:\WINDOWS\system32\aswBoot.exe
2018-07-17 12:12 - 2018-01-07 10:10 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asweb7e3cf74da4a987.tmp
2018-07-17 12:12 - 2017-11-09 20:12 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3b3b7ee74ed23cfd.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfdc73cc20a9ffd03.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8a08968042330821.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf72a63a34c58b50e.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa265a25efff88477.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfb6d79d68d5af924.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8260174003938029.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8b972e1f3b3b4d5c.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa78191a2a498b968.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8a225d4f0de841df.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8276e8e308154a46.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 921503077e2ccc5.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw714f889c131dedf7.tmp
2018-07-17 12:12 - 2014-10-24 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-07-16 18:02 - 2015-06-21 16:30 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-14 11:08 - 2014-07-10 23:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-14 11:01 - 2014-07-10 23:07 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 13:57 - 2018-03-13 17:45 - 000004478 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 13:57 - 2014-08-07 21:16 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-07-13 13:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 13:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-13 13:55 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-28 18:07 - 2018-03-18 12:40 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 18:07 - 2018-03-18 12:40 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-13 23:08 - 2017-10-06 17:12 - 000000132 _____ () C:\Users\michelle\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-11 11:40 - 2017-08-11 11:40 - 000000063 _____ () C:\Users\michelle\AppData\Local\emaildefaults
2017-08-11 11:41 - 2017-08-11 11:41 - 000000039 _____ () C:\Users\michelle\AppData\Local\kritadisplayrc
2017-08-11 11:38 - 2017-08-11 11:41 - 000015259 _____ () C:\Users\michelle\AppData\Local\kritarc
2016-11-05 15:29 - 2016-11-05 15:29 - 000000017 _____ () C:\Users\michelle\AppData\Local\resmon.resmoncfg
2018-05-05 18:35 - 2018-05-05 18:35 - 000000000 _____ () C:\Users\michelle\AppData\Local\{1F643843-298E-4B06-9712-609389C5621B}
2017-03-03 19:45 - 2017-03-03 19:45 - 000000000 _____ () C:\Users\michelle\AppData\Local\{D3E1848B-8A58-497D-8D8F-D3E6D0ED995E}
2018-02-22 12:27 - 2018-02-22 12:27 - 000000000 _____ () C:\Users\michelle\AppData\Local\{E98D749A-B510-466D-A3C2-DF9105975447}

Some zero byte size files/folders:
==========================
C:\Windows\System32\aswBoot.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-24 20:13

==================== End of FRST.txt ============================



#4 kittensmittens00

  • Topic Starter

Posted 25 July 2018 - 04:41 PM

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by michelle (25-07-2018 17:36:34)
Running from C:\Users\michelle\Downloads
Windows 8.1 (Update) (X64) (2014-11-08 14:47:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3472437596-12229158-1782212312-500 - Administrator - Disabled) => C:\Users\Administrator
Chase (S-1-5-21-3472437596-12229158-1782212312-1120 - Limited - Enabled) => C:\Users\Chase.MICHELLESCUTE
Guest (S-1-5-21-3472437596-12229158-1782212312-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3472437596-12229158-1782212312-1003 - Limited - Enabled)
Kayla (S-1-5-21-3472437596-12229158-1782212312-1121 - Limited - Enabled) => C:\Users\Kayla
michelle (S-1-5-21-3472437596-12229158-1782212312-1001 - Administrator - Enabled) => C:\Users\michelle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Roblox Player for michelle (HKU\S-1-5-21-3472437596-12229158-1782212312-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for michelle (HKU\S-1-5-21-3472437596-12229158-1782212312-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SafeZone Stable 1.46.1990.18 (HKLM-x32\...\SafeZone 1.46.1990.18) (Version: 1.46.1990.18 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 11.0.0.4 - Huion Animation)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10277 - Realtek Semiconductor Corp.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR 5.50 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472437596-12229158-1782212312-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C12424-F620-474A-ADFD-8630F23FEE68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {1A61263A-172F-4245-AF7B-8EB058D9DF39} - System32\Tasks\{60D885FD-F0DC-4221-9301-8F7D7230F4A9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\michelle\AppData\Local\Roblox\Versions\version-f94ed8a819b24d95\RobloxPlayerLauncher.exe -c -uninstall
Task: {1E87D9D6-0CE0-419F-9CD7-5C3A1C832A87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2570178F-0856-4414-9DF0-AD97158F1441} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4A7B6D44-E012-441B-84BB-A9A40FD73FCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {560E7687-A903-45BB-AFD6-82A7FE467DF0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {656E1B8B-7CB7-478C-9FBA-26FC7A3AA778} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {93F7DC86-BE34-493D-883A-4884449720DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9D572917-0259-45BE-B4D1-470FB7252E0F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12] (Realtek Semiconductor)
Task: {A136D384-85B6-46C3-8174-51C8BDF98509} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {A2BA751F-41C2-4D9A-A95F-4CB8CE6F45A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C17071C0-875C-4EE9-BD62-5879A6342C2F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-07] (AVAST Software)
Task: {C7CEE948-9BD7-4B9E-8B11-2F7C8E2198A5} - System32\Tasks\Driver Booster SkipUAC (michelle) => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe
Task: {D5256748-2EB3-4C7D-BEB0-25D0CAB1146C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {D76FEEE1-1C93-41B8-920D-ABAD09B011EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {D8EEE5C4-17B8-4F50-8F4B-54954E5A5E6B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-07-18] (Realtek Semiconductor)
Task: {E03A6183-FF76-4913-8D44-01C9C481171D} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3472437596-12229158-1782212312-1001
Task: {EF6A288A-18BF-46C0-BCED-3DB16F2EA35F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FCF1C956-F81A-4BCF-A94B-2900533EA2C0} - System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WajaNetEn\1308258bb57186ba506b38c0c2303001.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-18 13:20 - 2018-04-18 13:20 - 006623232 _____ () C:\Users\michelle\Desktop\DeSmuME_0.9.11_x64.exe
2012-11-23 19:55 - 2012-06-07 23:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-23 19:32 - 2012-06-26 05:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3472437596-12229158-1782212312-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\michelle\Downloads\mike doing mike thing with art.png
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8D37FC00-ECC4-43A3-B9EB-BB9FC4B7EAC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{36D82B3C-31BF-488A-9463-D21377871A65}] => (Allow) LPort=1900
FirewallRules: [{0D033936-F169-49E8-9435-8505270E7ACA}] => (Allow) LPort=2869
FirewallRules: [{63C8DB43-825F-41FA-8C80-E47FC6C527D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{7099988D-368F-4459-A5AA-3237E8F7B652}C:\program files\firestorm\slvoice.exe] => (Block) C:\program files\firestorm\slvoice.exe
FirewallRules: [UDP Query User{B678C542-4EF9-4318-BEF4-F7D9874C8D8D}C:\program files\firestorm\slvoice.exe] => (Block) C:\program files\firestorm\slvoice.exe
FirewallRules: [{1EC13594-CD65-4BA4-80BD-6EEF53CA2C5B}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{7BA438E6-A68F-4BCB-8AA0-65468301CD50}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{6DA1A3FD-412E-4E2B-94D1-33002BA6050D}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{0BC66A7D-F463-4C28-B753-4B4DB672EB87}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [TCP Query User{71D28AF3-0E7F-4FEC-B27F-30E250C92E23}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{32FE7D20-2B3A-441D-800B-99038AD45C29}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{08DBAF53-D54A-4ED3-9386-5173EB93413A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{279F1099-E6D3-4E15-8773-8516F3836355}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AFCD79A-9F06-4F27-9DF2-7D90C8DEE081}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADCB73F0-94AD-49FD-9991-DAEFDDF953DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6224CC23-9E45-4443-8C1E-B654E1ED57C4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{613ACBF4-DE1C-4528-9609-63B3C223DBB9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{02B97089-389D-4633-9A7C-7BB40A25C97F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1E420429-856C-4B17-83DD-3AA5A099FAFF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{571E96F3-E6AB-4F50-B8AE-57609859F4B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{209DBE14-E105-49D9-8F77-3B6356DFC566}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-07-2018 21:22:55 Scheduled Checkpoint
14-07-2018 10:58:03 Windows Update
18-07-2018 14:15:16 Revo Uninstaller's restore point - MySafeSavings
18-07-2018 14:40:58 Driver Booster : HP Wireless Button Driver
19-07-2018 15:38:12 Driver Booster : Realtek PCIE CardReader
19-07-2018 22:02:48 Removed Minecraft
19-07-2018 22:15:38 Removed Minecraft
24-07-2018 20:14:14 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2018 11:43:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 738672

Error: (07/24/2018 11:43:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 738672

Error: (07/24/2018 11:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5844

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5844

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2018 02:43:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.374.70.19, time stamp: 0x54dd6d21
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xc06d007e
Fault offset: 0x0000000000008eac
Faulting process id: 0x5d4
Faulting application start time: 0x01d4237e26020761
Faulting application path: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 6cbc373e-8f71-11e8-bf89-78e3b581fba0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2018 06:26:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (07/24/2018 11:16:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 10:50:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 10:30:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 09:14:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 08:19:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/24/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (07/22/2018 10:38:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-07-24 22:53:10.464
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {81E7F472-D0C7-49FA-87D6-33564E1C63BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 22:31:53.688
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {01B41F62-8CA4-47C9-81A5-44F79661B538}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 21:21:13.610
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {0E243E38-07B6-4A5D-8EB7-D3C641B5A1FC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 20:19:19.566
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {77816576-1A6F-4E8A-A642-2ED7D2D2AE13}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 14:30:24.336
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B176574D-7930-4F31-93A6-C3F3F096FD24}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 19:15:38.521
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2016-07-25 16:46:29.574
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 114.3.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.11502.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.565
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.564
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.455
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-07-25 17:33:50.714
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:33:50.360
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:31:16.747
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:31:16.403
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:12:01.646
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:12:01.115
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:04:49.938
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:04:49.547
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3983.28 MB
Available physical RAM: 1650.3 MB
Total Virtual: 5007.28 MB
Available Virtual: 1929.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.74 GB) (Free:370.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.47 GB) (Free:2.79 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{adfb6846-e748-4c7e-837b-b4dade63ea55}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{58d4448e-f0c1-412a-8bdf-c4501a248ef2}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{4dc9b06c-5b04-49e3-b5cc-b884c980ae91}\ () (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)

Partition: GPT.

==================== End of Addition.txt ============================



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 26 July 2018 - 03:01 PM

Hi kittensmittens00 :)
 
We have quite a few things to fix here. Let's take things one at a time.

  • Highlight the text below in its entirety and press Ctrl-C to copy it to your clipboard
Start::
CreateRestorePoint:
CloseProcesses:
Task: {FCF1C956-F81A-4BCF-A94B-2900533EA2C0} - System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WajaNetEn\1308258bb57186ba506b38c0c2303001.exe"
C:\Program Files\WajaNetEn
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
EmptyTemp:
End::
  • Run FRST64
  • Click on Fix
  • When the Fix has completed, you will be prompted to restart your computer. Please do so
  • After rebooting, locate the log named Fixlog.txt, which was placed into your Downloads folder (because that's where your FRST64.exe file exists)
  • Copy and paste the contents of that log into your next reply to me

Next:
 
Please download AdwCleaner and save it to your Desktop.

  • Right-click AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database if one is required
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button
  • A window will open which lists the logs of your scans
  • Click on the Scan tab
  • Double-click the most recent scan which will be at the top of the list....the log will appear
  • Review the results...see note below
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Copy and paste the contents of AdwCleaner[CX].txt into your next reply to me
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep

Next:

Note: The following directions are for an older version of Malwarebytes Anti-Malware product but the basic procedure is still the same.
Please download the free version of Malwarebytes Anti-Malware and save it to your Desktop.

If during the installation you are presented with options to upgrade to the premium paid version, it is your decision as to whether or not you want to do that. The free program will work fine for our present issues.

  • Locate the downloaded file, mb3-setup-consumer-x.x.x.xxxx.exe. The “x.x.x.xxxx” represents the version of Malwarebytes for Windows. (If you did not download it to your Desktop, it will appear in the Downloads folder)
  • Double-click mb3-setup-consumer-x.x.x.xxxx.exe to start the Malwarebytes for Windows setup
  • Detailed installation instructions are here
  • After installation, run the program
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
  • To retrieve the Malwarebytes Anti-Malware scan log information:
    • Open Malwarebytes Anti-Malware
    • Click the History Tab at the top and select Application Logs
    • Select (check) the box next to Scan Log. Choose the most current scan
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location
    • Be sure to copy and paste the complete log to include the top portion which shows MBAM's database version and your operating system

In summary I will need from you:

  • Fixlog.txt
  • AdwCleaner clean log (AdwCleaner[CX].txt)
  • Malwarebytes Anti-Malware log
  • How is your computer performing now?

Let me know if you have any questions.

 

polskamachina



#6 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts

Posted 26 July 2018 - 03:20 PM

Just to let you know that I haven't abandoned this topic, I'm doing this for a friend and she is at her dad's at the moment, she'll probably be there for a week. As soon as she gets back I'll do the steps you've listed and reply. Thanks :)

#7 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 26 July 2018 - 04:50 PM

Hi kittensmittens00 :)

 

Thank you for letting me know about your friend's availability.

 

polskamachina



#8 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts

Posted 31 July 2018 - 02:47 PM

I made a second post when you first directed me to (I got confused when I first replied). I did all the things that that person directed me to, yet I'm still having problems. Here's the post for more information:

https://www.bleepingcomputer.com/forums/t/681213/youtube-and-games-are-slow-or-do-not-load/

So if there's anything you could help with it would be appreciated.


Edited by kittensmittens00, 31 July 2018 - 02:47 PM.


#9 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 01 August 2018 - 10:46 AM

Hi kittensmittens00 :)

 

I think you followed the directions I gave you to a tee and that caused the confusion. I just needed for you to post the FRST scan results, not start another topic. Did you still want me to help you with this or have you created another topic already?

 

polskamachina



#10 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts

Posted 01 August 2018 - 10:54 AM

I created one in the beginning, I followed it to a tee xD But since I just go to the replies through my email it took me a while to realize that I was talking to two separate people, and not just you ;-; Sorry about that, and since it doesn't seem like a malware issue, I probably won't need your help anymore. I'm thinking maybe the malware caused the drivers to update improperly? I don't know. Thanks for helping me though.

#11 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 01 August 2018 - 11:02 AM

I have a few ideas about how to fix your youtube slowness even though malware may not be involved. Let me know if you're interested in continuing here.

 

polskamachina



#12 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts

Posted 01 August 2018 - 11:10 AM

Sure. I can't do it at the moment because my friend isn't here, but I should be able to do it later today or tomorrow.

#13 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 01 August 2018 - 11:14 AM

Ok, I'll prepare something for you later today.

 

polskamachina



#14 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 01 August 2018 - 04:58 PM

Hi kittensmittens00 :)

 

I've reviewed your previous logs from both topics. Did you ever download and run a Malwarebytes Anti-Malware scan as I asked earlier? If you did, please copy and paste the log into your next reply to me. If not, please follow the directions about how to run the scan as described in my previous post. (You do not need to do any of the other steps in that post)

 

Next:

  • Please run FRST64 again
  • Click on Scan
  • Copy and paste FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • Malwarebytes Anti-Malware log
  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

 

polskamachina



#15 kittensmittens00

kittensmittens00
  • Topic Starter

  • Members
  • 38 posts

Posted 02 August 2018 - 11:28 PM

Malwarebytes Log:

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/2/18
Scan Time: 11:58 PM
Log File: 76181b2c-96d1-11e8-af1c-78e3b581fba0.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.6179
License: Free
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: MICHELLESCUTE\michelle
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 429937
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 26 min, 48 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.MySearchDial, HKU\S-1-5-21-3472437596-12229158-1782212312-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [132], [168579],1.0.6179
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
PUP.Optional.AdvancedSystemCare, C:\$RECYCLE.BIN\S-1-5-21-3472437596-12229158-1782212312-1001\$RNB5PYH.EXE, Quarantined, [4490], [396386],1.0.6179
PUP.Optional.AdvancedSystemCare, C:\$RECYCLE.BIN\S-1-5-21-3472437596-12229158-1782212312-1001\$R46ULNA.EXE, Quarantined, [4490], [396386],1.0.6179
PUP.Optional.DriverDownloader, C:\USERS\MICHELLE\DOWNLOADS\DRIVER_DOWNLOADER.EXE, Quarantined, [894], [353234],1.0.6179
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)




