
Youtube and Games are slow or do not load


  • This topic is locked
10 replies to this topic

#1 kittensmittens00


Posted 25 July 2018 - 04:45 PM

Here is the link to my original post for more detail if needed:

https://www.bleepingcomputer.com/forums/t/680880/youtube-and-game-issues/

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by michelle (administrator) on MICHELLESCUTE (25-07-2018 17:34:02)
Running from C:\Users\michelle\Downloads
Loaded Profiles: michelle (Available Profiles: michelle & Chase & Kayla & Administrator & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\michelle\Desktop\DeSmuME_0.9.11_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1157344 2015-07-09] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1120\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{3FDBC09C-99AB-4A73-B303-869E5AE9F34F}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{44449148-2BEF-4758-9A26-F0FBBB14BAED}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)

FireFox:
========
FF DefaultProfile: c8a1h0yk.default-1532054534234
FF ProfilePath: C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\c8a1h0yk.default-1532054534234 [2018-07-25]
FF Session Restore: Mozilla\Firefox\Profiles\c8a1h0yk.default-1532054534234 -> is enabled.
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-03] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default [2018-07-19]
CHR Extension: (Docs) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-23]
CHR Extension: (YouTube) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-07-18] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-07-18] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-07-18] (REALiX™)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2541200 2018-07-18] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329664 2018-07-19] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9112792 2018-07-18] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2018-07-18] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2018-07-18] (HP)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 17:34 - 2018-07-25 17:35 - 000014898 _____ C:\Users\michelle\Downloads\FRST.txt
2018-07-25 17:33 - 2018-07-25 17:34 - 000000000 ____D C:\FRST
2018-07-25 17:29 - 2018-07-25 17:29 - 002412544 _____ (Farbar) C:\Users\michelle\Downloads\FRST64.exe
2018-07-19 22:45 - 2018-07-19 22:45 - 000001367 _____ C:\Users\michelle\Desktop\Roblox Player.lnk
2018-07-19 22:45 - 2018-07-19 22:45 - 000001182 _____ C:\Users\michelle\Desktop\Roblox Studio.lnk
2018-07-19 22:44 - 2018-07-19 22:44 - 000822328 _____ (Roblox Corporation) C:\Users\michelle\Downloads\RobloxPlayerLauncher(1).exe
2018-07-19 22:42 - 2018-07-19 22:42 - 000000000 ____D C:\Users\michelle\Desktop\Old Firefox Data
2018-07-19 22:38 - 2018-07-19 22:38 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-19 22:38 - 2018-07-19 22:38 - 000000936 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-07-19 22:38 - 2018-07-19 22:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-19 22:38 - 2018-07-19 22:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-19 22:32 - 2018-07-19 22:32 - 000003232 _____ C:\WINDOWS\System32\Tasks\{60D885FD-F0DC-4221-9301-8F7D7230F4A9}
2018-07-19 22:29 - 2018-07-19 22:29 - 000454608 _____ (Mozilla Corporation) C:\Users\michelle\Downloads\firefox.exe
2018-07-19 15:42 - 2018-07-19 15:51 - 000000000 ____D C:\Program Files (x86)\Driver Downloader
2018-07-19 15:41 - 2018-07-19 15:41 - 004421304 _____ (PDE Publications Limited ) C:\Users\michelle\Downloads\driver_downloader.exe
2018-07-19 15:40 - 2018-07-19 15:40 - 000329664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-07-19 15:30 - 2018-07-24 14:46 - 000000000 ____D C:\Users\michelle\AppData\LocalLow\Mozilla
2018-07-19 15:30 - 2018-07-19 21:50 - 000000000 ____D C:\Users\michelle\AppData\Local\Mozilla
2018-07-19 15:30 - 2018-07-19 15:30 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Mozilla
2018-07-19 15:25 - 2018-07-19 15:25 - 000313776 _____ (Mozilla) C:\Users\michelle\Downloads\Firefox Installer.exe
2018-07-19 15:14 - 2018-07-19 15:14 - 000822328 _____ (Roblox Corporation) C:\Users\michelle\Downloads\RobloxPlayerLauncher (2).exe
2018-07-19 13:11 - 2018-06-20 16:01 - 007398232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-19 13:11 - 2018-06-20 15:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-19 13:11 - 2018-06-20 15:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-19 13:11 - 2018-06-20 14:48 - 000095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-07-19 13:11 - 2018-06-20 14:48 - 000027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-07-19 13:11 - 2018-06-20 12:58 - 000092672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-07-19 13:11 - 2018-06-14 23:01 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-07-19 13:11 - 2018-06-12 04:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-19 13:11 - 2018-06-12 03:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-19 13:11 - 2018-06-11 12:55 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-19 13:11 - 2018-06-11 12:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-07-19 13:11 - 2018-06-11 12:14 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-19 13:11 - 2018-06-11 12:06 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-19 13:11 - 2018-06-11 12:04 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-19 13:11 - 2018-06-11 11:39 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-07-19 13:11 - 2018-06-11 11:36 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-19 13:11 - 2018-06-11 11:31 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-19 13:11 - 2018-06-11 11:22 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-19 13:11 - 2018-06-11 11:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-19 13:11 - 2018-06-11 10:59 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-19 13:11 - 2018-06-09 12:40 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-19 13:11 - 2018-06-09 12:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-07-19 13:11 - 2018-06-09 12:09 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-19 13:11 - 2018-06-09 11:59 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-19 13:11 - 2018-06-09 11:37 - 004496384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-19 13:11 - 2018-06-09 11:37 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-07-19 13:11 - 2018-06-09 11:36 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-19 13:11 - 2018-06-09 11:32 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-19 13:11 - 2018-06-09 11:11 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-19 13:11 - 2018-06-09 11:08 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-19 13:11 - 2018-06-09 11:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-19 13:11 - 2018-06-08 22:47 - 002176072 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-19 13:11 - 2018-06-08 21:44 - 001565528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-19 13:11 - 2018-06-08 14:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-19 13:11 - 2018-06-08 13:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-19 13:11 - 2018-06-08 13:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-07-19 13:11 - 2018-06-08 13:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-19 13:11 - 2018-06-08 12:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-19 13:11 - 2018-06-07 14:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-19 13:11 - 2018-05-24 17:29 - 002449752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-19 13:11 - 2018-05-24 17:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-07-19 13:11 - 2018-05-15 04:42 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-07-19 13:11 - 2018-05-03 19:02 - 000439640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2018-07-19 13:11 - 2018-05-03 19:02 - 000325456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-07-19 13:11 - 2018-05-03 19:02 - 000187728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2018-07-19 13:11 - 2018-04-26 09:43 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000065880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000021848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000018776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000015192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000013152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000063832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000020824 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000019288 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000016216 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000014168 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-19 13:11 - 2018-04-26 09:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-19 13:11 - 2018-04-25 13:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-18 18:41 - 2018-06-12 15:01 - 000149632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-18 18:41 - 2018-06-08 09:15 - 002860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-18 18:41 - 2018-06-08 09:15 - 001602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-18 18:41 - 2018-06-08 09:15 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-18 15:56 - 2018-07-18 15:56 - 000000000 ____D C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-07-18 15:54 - 2018-07-18 15:54 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2018-07-18 15:54 - 2018-07-18 15:54 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Sun
2018-07-18 15:44 - 2018-07-19 00:00 - 000000000 ____D C:\Users\michelle\AppData\Local\CrashDumps
2018-07-18 15:04 - 2018-07-18 15:04 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-07-18 15:04 - 2018-07-18 15:04 - 001071552 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2018-07-18 15:04 - 2018-07-18 15:04 - 000122816 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2018-07-18 15:03 - 2018-07-18 15:03 - 000003174 _____ C:\WINDOWS\System32\Tasks\RtHDVBg
2018-07-18 15:02 - 2018-07-18 15:02 - 000003148 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-07-18 15:00 - 2018-07-18 15:00 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-07-18 14:53 - 2018-07-18 14:53 - 006173640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-07-18 14:53 - 2018-07-18 14:53 - 003417968 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 003214672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 003128768 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001328360 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001266352 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001178240 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 001133560 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000994648 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000541072 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000381368 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000266512 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000174904 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-07-18 14:53 - 2018-07-18 14:53 - 000023656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET5CE7.tmp
2018-07-18 14:52 - 2018-07-18 14:53 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET16D4.tmp
2018-07-18 14:52 - 2018-07-18 14:52 - 003632464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 003452120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 002939728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 001353280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000692128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000392840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000327232 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-07-18 14:52 - 2018-07-18 14:52 - 000093872 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-07-18 14:51 - 2018-07-18 14:51 - 072520672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-07-18 14:51 - 2018-07-18 14:51 - 013687502 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-07-18 14:51 - 2018-07-18 14:51 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-07-18 14:51 - 2018-07-18 14:51 - 000000000 ____D C:\Program Files (x86)\HP
2018-07-18 14:50 - 2018-07-18 14:50 - 000031656 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2018-07-18 14:49 - 2018-07-18 14:49 - 002541200 _____ (MediaTek Inc.) C:\WINDOWS\system32\Drivers\netr28x.sys
2018-07-18 14:49 - 2018-07-18 14:49 - 000334992 _____ (Mediatek Inc.) C:\WINDOWS\system32\SET841E.tmp
2018-07-18 14:49 - 2018-07-18 14:49 - 000016103 _____ C:\WINDOWS\system32\RaCoInst.dat
2018-07-18 14:48 - 2018-07-18 14:48 - 009112792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2018-07-18 14:48 - 2018-07-18 14:48 - 000497368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2018-07-18 14:48 - 2018-07-18 14:48 - 000440024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2018-07-18 14:48 - 2018-07-18 14:48 - 000164056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtsCM64.exe
2018-07-18 14:47 - 2018-07-18 14:47 - 002628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2018-07-18 14:42 - 2018-07-18 14:42 - 000186424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2018-07-18 14:37 - 2018-07-18 14:37 - 000000000 ____D C:\WINDOWS\IObit
2018-07-18 14:36 - 2018-07-19 22:03 - 000002902 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (michelle)
2018-07-18 14:36 - 2018-07-18 14:36 - 000027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2018-07-18 14:34 - 2018-07-18 14:34 - 020979376 _____ (IObit ) C:\Users\michelle\Downloads\driver_booster_setup.exe
2018-07-18 14:24 - 2018-07-19 22:20 - 000000000 ____D C:\Program Files (x86)\IObit
2018-07-18 14:24 - 2018-07-19 22:17 - 000000000 ____D C:\ProgramData\ProductData
2018-07-18 14:24 - 2018-07-19 21:53 - 000000000 ____D C:\Users\michelle\AppData\Roaming\IObit
2018-07-18 14:24 - 2018-07-18 15:56 - 000000000 ____D C:\Users\michelle\AppData\LocalLow\IObit
2018-07-18 14:24 - 2018-07-18 15:56 - 000000000 ____D C:\ProgramData\IObit
2018-07-18 14:23 - 2018-07-18 14:23 - 015388056 _____ (IObit ) C:\Users\michelle\Downloads\iobituninstaller.exe
2018-07-18 14:12 - 2018-07-18 14:12 - 007197480 _____ (VS Revo Group ) C:\Users\michelle\Downloads\revosetup.exe
2018-07-18 14:09 - 2018-07-18 14:09 - 002673664 _____ C:\Users\michelle\Downloads\MssUninstaller.exe
2018-07-18 14:02 - 2018-07-18 14:03 - 000301724 _____ C:\Users\michelle\Downloads\mlp-castle-background-5.pdn
2018-07-18 14:00 - 2018-07-18 14:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-18 13:58 - 2018-07-18 13:59 - 075607840 _____ (Malwarebytes ) C:\Users\michelle\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5935.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 17:33 - 2018-04-18 13:23 - 000001819 _____ C:\Users\michelle\Desktop\desmume.ini
2018-07-25 17:31 - 2014-11-08 10:52 - 000003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C8F8098-B092-49DA-AD38-EC53BB7CED98}
2018-07-24 20:18 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-07-24 14:45 - 2014-11-08 10:52 - 000000000 ___DO C:\Users\michelle\OneDrive
2018-07-24 14:43 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-23 11:07 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-22 10:36 - 2014-11-08 08:58 - 000000000 ____D C:\Users\michelle
2018-07-20 10:53 - 2014-07-09 16:20 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3472437596-12229158-1782212312-1001
2018-07-19 22:45 - 2014-10-25 14:42 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-07-19 22:45 - 2014-08-31 15:54 - 000000249 _____ C:\Users\michelle\AppData\LocalLow\rbxcsettings.rbx
2018-07-19 22:16 - 2015-12-20 20:15 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-07-19 21:52 - 2014-07-10 22:04 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-19 17:39 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-07-19 17:21 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-19 16:38 - 2014-09-24 03:15 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-19 16:31 - 2013-08-22 10:44 - 000351656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-19 16:23 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-07-19 12:40 - 2018-05-08 13:57 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-07-19 00:01 - 2014-07-09 21:47 - 000000000 ____D C:\Users\michelle\AppData\Local\ElevatedDiagnostics
2018-07-18 23:10 - 2014-12-14 22:20 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-18 16:04 - 2017-12-18 19:18 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-18 16:04 - 2017-12-18 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-18 16:04 - 2017-07-27 22:21 - 000000000 ____D C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2018-07-18 16:04 - 2014-10-24 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Avast Free Antivirus and Options
2018-07-18 16:02 - 2015-12-03 18:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-07-18 15:55 - 2014-07-24 11:51 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-18 15:54 - 2014-08-04 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 15:52 - 2014-08-04 16:14 - 000300408 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2018-07-18 15:52 - 2014-08-04 16:14 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-18 15:51 - 2014-08-04 16:15 - 000000000 ____D C:\ProgramData\Oracle
2018-07-18 15:40 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-07-18 14:58 - 2014-11-08 08:44 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-07-18 14:08 - 2016-05-13 16:54 - 000000000 ____D C:\Users\michelle\AppData\Local\AVAST Software
2018-07-18 14:08 - 2014-10-24 19:30 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-17 12:13 - 2014-10-24 19:32 - 000000000 ____D C:\WINDOWS\system32\aswBoot.exe
2018-07-17 12:12 - 2018-01-07 10:10 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asweb7e3cf74da4a987.tmp
2018-07-17 12:12 - 2017-11-09 20:12 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3b3b7ee74ed23cfd.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfdc73cc20a9ffd03.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8a08968042330821.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf72a63a34c58b50e.tmp
2018-07-17 12:12 - 2017-01-22 18:54 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa265a25efff88477.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfb6d79d68d5af924.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8260174003938029.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8b972e1f3b3b4d5c.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa78191a2a498b968.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8a225d4f0de841df.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8276e8e308154a46.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 921503077e2ccc5.tmp
2018-07-17 12:12 - 2014-10-24 19:33 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw714f889c131dedf7.tmp
2018-07-17 12:12 - 2014-10-24 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-07-16 18:02 - 2015-06-21 16:30 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-14 11:08 - 2014-07-10 23:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-14 11:01 - 2014-07-10 23:07 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 13:57 - 2018-03-13 17:45 - 000004478 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 13:57 - 2014-08-07 21:16 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-07-13 13:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 13:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-13 13:55 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-28 18:07 - 2018-03-18 12:40 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 18:07 - 2018-03-18 12:40 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-13 23:08 - 2017-10-06 17:12 - 000000132 _____ () C:\Users\michelle\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-11 11:40 - 2017-08-11 11:40 - 000000063 _____ () C:\Users\michelle\AppData\Local\emaildefaults
2017-08-11 11:41 - 2017-08-11 11:41 - 000000039 _____ () C:\Users\michelle\AppData\Local\kritadisplayrc
2017-08-11 11:38 - 2017-08-11 11:41 - 000015259 _____ () C:\Users\michelle\AppData\Local\kritarc
2016-11-05 15:29 - 2016-11-05 15:29 - 000000017 _____ () C:\Users\michelle\AppData\Local\resmon.resmoncfg
2018-05-05 18:35 - 2018-05-05 18:35 - 000000000 _____ () C:\Users\michelle\AppData\Local\{1F643843-298E-4B06-9712-609389C5621B}
2017-03-03 19:45 - 2017-03-03 19:45 - 000000000 _____ () C:\Users\michelle\AppData\Local\{D3E1848B-8A58-497D-8D8F-D3E6D0ED995E}
2018-02-22 12:27 - 2018-02-22 12:27 - 000000000 _____ () C:\Users\michelle\AppData\Local\{E98D749A-B510-466D-A3C2-DF9105975447}

Some zero byte size files/folders:
==========================
C:\Windows\System32\aswBoot.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-24 20:13

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by michelle (25-07-2018 17:36:34)
Running from C:\Users\michelle\Downloads
Windows 8.1 (Update) (X64) (2014-11-08 14:47:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3472437596-12229158-1782212312-500 - Administrator - Disabled) => C:\Users\Administrator
Chase (S-1-5-21-3472437596-12229158-1782212312-1120 - Limited - Enabled) => C:\Users\Chase.MICHELLESCUTE
Guest (S-1-5-21-3472437596-12229158-1782212312-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3472437596-12229158-1782212312-1003 - Limited - Enabled)
Kayla (S-1-5-21-3472437596-12229158-1782212312-1121 - Limited - Enabled) => C:\Users\Kayla
michelle (S-1-5-21-3472437596-12229158-1782212312-1001 - Administrator - Enabled) => C:\Users\michelle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Roblox Player for michelle (HKU\S-1-5-21-3472437596-12229158-1782212312-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for michelle (HKU\S-1-5-21-3472437596-12229158-1782212312-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SafeZone Stable 1.46.1990.18 (HKLM-x32\...\SafeZone 1.46.1990.18) (Version: 1.46.1990.18 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 11.0.0.4 - Huion Animation)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10277 - Realtek Semiconductor Corp.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR 5.50 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472437596-12229158-1782212312-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C12424-F620-474A-ADFD-8630F23FEE68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {1A61263A-172F-4245-AF7B-8EB058D9DF39} - System32\Tasks\{60D885FD-F0DC-4221-9301-8F7D7230F4A9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\michelle\AppData\Local\Roblox\Versions\version-f94ed8a819b24d95\RobloxPlayerLauncher.exe -c -uninstall
Task: {1E87D9D6-0CE0-419F-9CD7-5C3A1C832A87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2570178F-0856-4414-9DF0-AD97158F1441} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {4A7B6D44-E012-441B-84BB-A9A40FD73FCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {560E7687-A903-45BB-AFD6-82A7FE467DF0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {656E1B8B-7CB7-478C-9FBA-26FC7A3AA778} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {93F7DC86-BE34-493D-883A-4884449720DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9D572917-0259-45BE-B4D1-470FB7252E0F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12] (Realtek Semiconductor)
Task: {A136D384-85B6-46C3-8174-51C8BDF98509} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {A2BA751F-41C2-4D9A-A95F-4CB8CE6F45A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C17071C0-875C-4EE9-BD62-5879A6342C2F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-07] (AVAST Software)
Task: {C7CEE948-9BD7-4B9E-8B11-2F7C8E2198A5} - System32\Tasks\Driver Booster SkipUAC (michelle) => C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe
Task: {D5256748-2EB3-4C7D-BEB0-25D0CAB1146C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {D76FEEE1-1C93-41B8-920D-ABAD09B011EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {D8EEE5C4-17B8-4F50-8F4B-54954E5A5E6B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-07-18] (Realtek Semiconductor)
Task: {E03A6183-FF76-4913-8D44-01C9C481171D} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3472437596-12229158-1782212312-1001
Task: {EF6A288A-18BF-46C0-BCED-3DB16F2EA35F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FCF1C956-F81A-4BCF-A94B-2900533EA2C0} - System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WajaNetEn\1308258bb57186ba506b38c0c2303001.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-18 13:20 - 2018-04-18 13:20 - 006623232 _____ () C:\Users\michelle\Desktop\DeSmuME_0.9.11_x64.exe
2012-11-23 19:55 - 2012-06-07 23:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-23 19:32 - 2012-06-26 05:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3472437596-12229158-1782212312-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\michelle\Downloads\mike doing mike thing with art.png
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8D37FC00-ECC4-43A3-B9EB-BB9FC4B7EAC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{36D82B3C-31BF-488A-9463-D21377871A65}] => (Allow) LPort=1900
FirewallRules: [{0D033936-F169-49E8-9435-8505270E7ACA}] => (Allow) LPort=2869
FirewallRules: [{63C8DB43-825F-41FA-8C80-E47FC6C527D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{7099988D-368F-4459-A5AA-3237E8F7B652}C:\program files\firestorm\slvoice.exe] => (Block) C:\program files\firestorm\slvoice.exe
FirewallRules: [UDP Query User{B678C542-4EF9-4318-BEF4-F7D9874C8D8D}C:\program files\firestorm\slvoice.exe] => (Block) C:\program files\firestorm\slvoice.exe
FirewallRules: [{1EC13594-CD65-4BA4-80BD-6EEF53CA2C5B}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{7BA438E6-A68F-4BCB-8AA0-65468301CD50}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{6DA1A3FD-412E-4E2B-94D1-33002BA6050D}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{0BC66A7D-F463-4C28-B753-4B4DB672EB87}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [TCP Query User{71D28AF3-0E7F-4FEC-B27F-30E250C92E23}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{32FE7D20-2B3A-441D-800B-99038AD45C29}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{08DBAF53-D54A-4ED3-9386-5173EB93413A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{279F1099-E6D3-4E15-8773-8516F3836355}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AFCD79A-9F06-4F27-9DF2-7D90C8DEE081}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADCB73F0-94AD-49FD-9991-DAEFDDF953DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6224CC23-9E45-4443-8C1E-B654E1ED57C4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{613ACBF4-DE1C-4528-9609-63B3C223DBB9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{02B97089-389D-4633-9A7C-7BB40A25C97F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1E420429-856C-4B17-83DD-3AA5A099FAFF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{571E96F3-E6AB-4F50-B8AE-57609859F4B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{209DBE14-E105-49D9-8F77-3B6356DFC566}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-07-2018 21:22:55 Scheduled Checkpoint
14-07-2018 10:58:03 Windows Update
18-07-2018 14:15:16 Revo Uninstaller's restore point - MySafeSavings
18-07-2018 14:40:58 Driver Booster : HP Wireless Button Driver
19-07-2018 15:38:12 Driver Booster : Realtek PCIE CardReader
19-07-2018 22:02:48 Removed Minecraft
19-07-2018 22:15:38 Removed Minecraft
24-07-2018 20:14:14 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2018 11:43:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 738672

Error: (07/24/2018 11:43:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 738672

Error: (07/24/2018 11:43:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5844

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5844

Error: (07/24/2018 02:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2018 02:43:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.374.70.19, time stamp: 0x54dd6d21
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xc06d007e
Fault offset: 0x0000000000008eac
Faulting process id: 0x5d4
Faulting application start time: 0x01d4237e26020761
Faulting application path: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 6cbc373e-8f71-11e8-bf89-78e3b581fba0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/22/2018 06:26:42 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (07/24/2018 11:16:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 10:50:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 10:30:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 09:14:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 08:19:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.

Error: (07/24/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/24/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (07/22/2018 10:38:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-07-24 22:53:10.464
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {81E7F472-D0C7-49FA-87D6-33564E1C63BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 22:31:53.688
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {01B41F62-8CA4-47C9-81A5-44F79661B538}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 21:21:13.610
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {0E243E38-07B6-4A5D-8EB7-D3C641B5A1FC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 20:19:19.566
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {77816576-1A6F-4E8A-A642-2ED7D2D2AE13}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 14:30:24.336
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B176574D-7930-4F31-93A6-C3F3F096FD24}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-07-24 19:15:38.521
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2016-07-25 16:46:29.574
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 114.3.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.11502.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.565
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.564
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-07-25 16:46:29.455
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.3207.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-07-25 17:33:50.714
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:33:50.360
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:31:16.747
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 17:31:16.403
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:12:01.646
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:12:01.115
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:04:49.938
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-25 10:04:49.547
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AERTAR64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3983.28 MB
Available physical RAM: 1650.3 MB
Total Virtual: 5007.28 MB
Available Virtual: 1929.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.74 GB) (Free:370.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.47 GB) (Free:2.79 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{adfb6846-e748-4c7e-837b-b4dade63ea55}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{58d4448e-f0c1-412a-8bdf-c4501a248ef2}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{4dc9b06c-5b04-49e3-b5cc-b884c980ae91}\ () (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)

Partition: GPT.

==================== End of Addition.txt ============================

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:06 PM

Posted 26 July 2018 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1120\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1001\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
Task: {FCF1C956-F81A-4BCF-A94B-2900533EA2C0} - System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WajaNetEn\1308258bb57186ba506b38c0c2303001.exe"

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know what problem persists with this computer.

#3 kittensmittens00


Posted 30 July 2018 - 04:28 PM

Fixlog.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by michelle (30-07-2018 17:21:54) Run:1
Running from C:\Users\michelle\Downloads
Loaded Profiles: michelle (Available Profiles: michelle & Chase & Kayla & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1120\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1001\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3472437596-12229158-1782212312-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
Task: {FCF1C956-F81A-4BCF-A94B-2900533EA2C0} - System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WajaNetEn\1308258bb57186ba506b38c0c2303001.exe"

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1120\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3472437596-12229158-1782212312-1001\User => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-3472437596-12229158-1782212312-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
"HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare" => removed successfully
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCF1C956-F81A-4BCF-A94B-2900533EA2C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF1C956-F81A-4BCF-A94B-2900533EA2C0}" => removed successfully
C:\WINDOWS\System32\Tasks\{EB1F6379-D425-4B5C-8335-053ACAD58BEC} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB1F6379-D425-4B5C-8335-053ACAD58BEC}" => removed successfully


The system needed a reboot.

==== End of Fixlog 17:23:20 ====



#4 kittensmittens00


Posted 30 July 2018 - 04:38 PM

After Scan and Cleanup Log File:


# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-30-2018
# Duration: 00:00:08
# OS:       Windows 8.1
# Cleaned:  47
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\michelle\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\michelle\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Driver Downloader
Deleted       C:\ProgramData\IObit\ASCDownloader
Deleted       C:\Users\Chase.MICHELLESCUTE\AppData\Local\InternetSpeedTracker_9t
Deleted       C:\Users\Guest\AppData\Local\InternetSpeedTracker_9t
Deleted       C:\Users\michelle\Documents\Flash Player Pro
Deleted       C:\Users\michelle\AppData\Roaming\WTools
Deleted       C:\Users\michelle\Documents\Mobogenie
Deleted       C:\Program Files (x86)\ASP
Deleted       C:\Users\michelle\AppData\Local\globalUpdate
Deleted       C:\ProgramData\zoomify2
Deleted       C:\Program Files (x86)\RCP
Deleted       C:\Users\michelle\AppData\LocalLow\zoomify
Deleted       C:\Users\michelle\Documents\PC Health Kit
Deleted       C:\Users\michelle\AppData\Local\iac
Deleted       C:\Users\michelle\AppData\LocalLow\iac

***** [ Files ] *****

Deleted       C:\Users\michelle\daemonprocess.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKCU\Software\AppDataLow\Software\adawarebp
Deleted       HKCU\Software\WTools
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Deleted       HKU\S-1-5-18\Software\MySafeSavings
Deleted       HKU\.DEFAULT\Software\MySafeSavings
Deleted       HKCU\Software\Store

***** [ Chromium (and derivatives) ] *****

Not Deleted   icpdkopnmfngmoklamkhdodopkomekfb

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       v9
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4617 octets] - [30/07/2018 17:31:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 



#5 kittensmittens00


Posted 30 July 2018 - 04:47 PM

YouTube is still having issues, although it's running much better than it was before. Games seem to be working fine.

I would like the issues with YouTube to be fixed. It is still loading slow, although all videos appear to load after a minute or so, unlike before where they sometimes refused to load at all.


Edited by kittensmittens00, 30 July 2018 - 05:07 PM.


#6 nasdaq


Posted 31 July 2018 - 07:39 AM

Hi,

It may help if you clear your YouTube cache.
Read this topic.
https://top.quora.com/If-I-clear-the-cache-on-my-YouTube-app-will-it-erase-all-my-saved-music-videos

#7 kittensmittens00


Posted 31 July 2018 - 02:44 PM

I tried it, there was no difference.



#8 nasdaq


Posted 01 August 2018 - 07:24 AM

Hi,

Have a look at this page.
https://www.drivereasy.com/knowledge/youtube-running-slow-on-my-computer/

Hope it helps.

This is not caused by malware and not my forte.

#9 kittensmittens00


Posted 01 August 2018 - 04:00 PM

I accidentally opened two topics about this, could you close this one please? thanks ^^

#10 nasdaq


Posted 02 August 2018 - 07:30 AM

Done.

#11 nasdaq


Posted 02 August 2018 - 07:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



