Jerky Mouse Movements Solved By Disconnecting Myself From The Internet

hacked spyware windows 10 keylogger malware trojan

  • This topic is locked
3 replies to this topic

#1 Cage

  • New Member
  • 1 posts

Posted 20 April 2019 - 07:39 AM

The things I'm about to say would never have entered my mind if I had never seen it and experienced it for myself. There are deliberate actions taking place on my machine. For example, jerky mouse movements. I would have put that down to RAM issues or issues with the USB driver affecting the responsiveness of the keyboard. But the very fact that those jerky mouse movements were solved by disconnecting myself from the internet, that is the main reason why I have come to this conclusion right now. I am on the verge of reinstalling Windows 10, which would be a huge headache for me, but I am at a loss as to what to do next. Any help from you would be appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.04.2019 01
Ran by MickeyCage (administrator) on DESKTOP-8Q6S5P3 (HP HP Pavilion Notebook) (20-04-2019 13:47:09)
Running from C:\Users\MickeyCage\Desktop
Loaded Profiles: MickeyCage (Available Profiles: MickeyCage & SurfAndBlaze & Little-Rights-For-U)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SparkLabs Pty Ltd -> SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Software Sarl -> Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2017-06-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2017-06-14] (Logitech -> Logitech, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2229200 2019-02-21] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\Users\SurfAndBlaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-10-18]
ShortcutTarget: MEGAsync.lnk -> C:\Users\MickeyCage\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BDB722-FE19-4621-B044-A0D1FE35A422} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {0D6D0B11-BF7B-46A1-A6A8-1B4733348C4D} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {108CF196-2235-4223-ACFB-E231E83303E9} - System32\Tasks\Opera scheduled Autoupdate 1498357332 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {3D9F415F-1C16-4D55-8A8C-2C1CF1F5BE3A} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {40DDC95A-4332-4049-9FF0-4B7C426211CD} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3000172399-2907617184-3595842285-1002 => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {541BDA82-66AC-4C05-804C-363D8FCCA082} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {646EB305-A676-427B-AD8E-4E884AC56286} - System32\Tasks\S-1-5-21-3000172399-2907617184-3595842285-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {791ED40F-2823-4A11-978E-0214823F6411} - System32\Tasks\Norton Security Scan for MickeyCage => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe (Symantec Corporation -> Symantec Corporation)
Task: {89D8B4C3-15E4-42AA-8FAB-6BCB293DFDC0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {8C4E7169-B3E6-4DB1-A0C9-7D752C3CCFE2} - System32\Tasks\Opera scheduled Autoupdate 1497543224 => C:\Users\SurfAndBlaze\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {97ECF854-A099-4185-9FFB-2B6E33CA964F} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {C1FBD3AC-3F31-4E8B-A1D6-7B3F1037185F} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.0.183\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {C388EBC2-42E8-4D3B-AB67-891237BB0531} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.162.6.200  188.164.7.100
Tcpip\..\Interfaces\{aefca918-6acf-49cc-aeb7-5af27eaf4176}: [DhcpNameServer] 188.162.6.200  188.164.7.100

Internet Explorer:
==================
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF DefaultProfile: 79p19vzl.default
FF ProfilePath: C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default [2019-04-20]
FF NewTab: Mozilla\Firefox\Profiles\79p19vzl.default -> about:newtab
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\firefox@ghostery.com.xpi [2019-03-25]
FF Extension: (google-no-tracking-url) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2017-11-25]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2019-04-18]
FF Extension: (Norton Safe Search) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\nortonsafesearch_ul@symantec.com.xpi [2019-04-18] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\nortonsafeweb@symantec.com.xpi [2019-04-18]
FF Extension: (uBlock Origin) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-25]
FF Extension: (Session Manager) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-06-14] [Legacy]
FF Extension: (Bluhell Firewall) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2017-10-26] [Legacy]
FF Extension: (NoScript) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-04-18]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-18]
FF Extension: (Greasemonkey) - C:\Users\MickeyCage\AppData\Roaming\Mozilla\Firefox\Profiles\79p19vzl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-30]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2017-06-14] (Intel® Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365032 2017-06-14] (Intel® pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [217040 2019-02-21] (TEFINCOM S.A. -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe [934216 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2017-06-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [214728 2017-12-20] (SparkLabs Pty Ltd -> SparkLabs)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP Inc. -> HP)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\BASHDefs\20190416.001\BHDrvx64.sys [1934048 2019-04-16] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2017-06-14] (Intel® Software -> Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-13] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-04-20] (Symantec Corporation -> Symantec Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2017-06-14] (Intel® Software -> Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP Inc. -> HP)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\IPSDefs\20190419.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2017-06-14] (Intel® Software -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SymELAM.sys [25744 2019-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-04-19] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.0.183\SymPlatform\SymEvnt.sys [700640 2019-02-19] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [59760 2016-08-11] (SparkLabs Pty Ltd -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 13:30 - 2019-04-20 13:38 - 001038892 _____ C:\WINDOWS\Minidump\042019-63234-01.dmp
2019-04-20 13:25 - 2019-04-20 13:25 - 005198336 _____ (AVAST Software) C:\Users\MickeyCage\Downloads\aswMBR.exe
2019-04-20 13:12 - 2019-04-20 13:12 - 000000036 _____ C:\Users\MickeyCage\Desktop\whatthetech.txt
2019-04-20 12:51 - 2019-04-20 13:06 - 000000682 _____ C:\Users\MickeyCage\Desktop\New Text Document.txt
2019-04-20 12:50 - 2019-04-20 12:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-04-20 10:16 - 2019-04-20 13:31 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-20 09:12 - 2019-02-18 14:14 - 000857648 _____ (Sysinternals - www.sysinternals.com) C:\Users\MickeyCage\Desktop\Autoruns64.exe
2019-04-20 09:11 - 2019-04-20 09:11 - 000729648 _____ (Sysinternals - www.sysinternals.com) C:\Users\MickeyCage\Downloads\autoruns.exe
2019-04-20 07:58 - 2019-02-18 14:14 - 000857648 _____ (Sysinternals - www.sysinternals.com) C:\Users\SurfAndBlaze\Desktop\Autoruns64.exe
2019-04-20 07:18 - 2019-04-20 07:18 - 000000114 _____ C:\WINDOWS\ntbtlog.txt
2019-04-19 20:55 - 2019-04-19 20:55 - 000004390 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for MickeyCage
2019-04-19 20:54 - 2019-04-19 20:54 - 000001548 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2019-04-19 20:54 - 2019-04-19 20:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2019-04-19 20:54 - 2019-04-19 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2019-04-19 20:54 - 2019-04-19 20:54 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2019-04-19 20:40 - 2019-04-20 13:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2019-04-19 20:32 - 2019-04-19 20:32 - 000100064 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2019-04-19 20:32 - 2019-04-19 20:32 - 000008585 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2019-04-19 20:32 - 2019-04-19 20:32 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-04-19 20:32 - 2019-04-19 20:32 - 000002315 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-04-19 20:32 - 2019-04-19 20:32 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2019-04-19 20:29 - 2019-04-19 20:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-04-19 20:29 - 2019-04-19 20:29 - 000000000 ____D C:\Program Files\Norton Security
2019-04-19 20:24 - 2019-04-19 20:54 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-04-19 20:17 - 2019-04-19 20:19 - 003581912 _____ (Symantec Corporation) C:\Users\MickeyCage\Downloads\NortonNISDownloader.exe
2019-04-19 15:55 - 2019-04-19 15:55 - 000000000 ____D C:\WINDOWS\pss
2019-04-18 20:41 - 2019-04-18 20:41 - 000000083 _____ C:\Users\MickeyCage\Desktop\mailfence.txt
2019-04-18 19:54 - 2019-04-18 19:54 - 000000092 _____ C:\Users\MickeyCage\Desktop\Account Sub.txt
2019-04-18 19:32 - 2019-04-20 13:48 - 000020393 _____ C:\Users\MickeyCage\Desktop\FRST.txt
2019-04-18 19:31 - 2019-04-18 19:33 - 000000000 ____D C:\Users\MickeyCage\Desktop\Account Sub
2019-04-18 17:44 - 2019-04-20 13:45 - 000000000 ____D C:\Users\MickeyCage\Desktop\FRST-OlderVersion
2019-04-18 17:28 - 2019-04-18 17:29 - 000000023 _____ C:\Users\MickeyCage\Downloads\check out superfetch.txt
2019-04-18 17:21 - 2019-04-18 17:21 - 000000041 _____ C:\Users\SurfAndBlaze\Desktop\multipre.txt
2019-04-17 07:39 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-16 06:29 - 2019-04-18 09:30 - 000000198 _____ C:\Users\SurfAndBlaze\Desktop\outlook.txt
2019-04-11 13:23 - 2019-04-12 22:34 - 000000780 _____ C:\Users\SurfAndBlaze\Desktop\xcopy.txt
2019-04-10 01:21 - 2019-04-02 13:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 01:21 - 2019-04-02 13:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 01:21 - 2019-04-02 13:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 01:21 - 2019-04-02 13:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 01:21 - 2019-04-02 13:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 01:21 - 2019-04-02 13:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 01:21 - 2019-04-02 13:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 01:21 - 2019-04-02 13:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 01:21 - 2019-04-02 13:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 01:21 - 2019-04-02 13:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 01:21 - 2019-04-02 13:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 01:21 - 2019-04-02 13:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 01:21 - 2019-04-02 13:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 01:21 - 2019-04-02 13:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 01:21 - 2019-04-02 13:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 01:21 - 2019-04-02 13:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 01:21 - 2019-04-02 10:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 01:21 - 2019-04-02 10:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 01:21 - 2019-04-02 10:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 01:21 - 2019-04-02 10:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 01:21 - 2019-04-02 10:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 01:21 - 2019-04-02 10:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 01:21 - 2019-04-02 10:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 01:21 - 2019-04-02 10:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 01:21 - 2019-04-02 10:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 01:21 - 2019-04-02 09:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 01:21 - 2019-04-02 09:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 01:21 - 2019-04-02 09:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 01:21 - 2019-04-02 09:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 01:21 - 2019-04-02 09:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 01:21 - 2019-04-02 09:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 01:21 - 2019-04-02 09:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 01:21 - 2019-04-02 09:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 01:21 - 2019-04-02 09:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 01:21 - 2019-04-02 09:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 01:21 - 2019-04-02 09:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 01:21 - 2019-04-02 09:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 01:21 - 2019-04-02 09:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 01:21 - 2019-04-02 09:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 01:21 - 2019-04-02 09:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 01:21 - 2019-04-02 09:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 01:21 - 2019-04-02 09:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 01:21 - 2019-04-02 08:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 01:21 - 2019-04-02 08:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 01:21 - 2019-04-02 08:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 01:21 - 2019-04-02 08:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 01:21 - 2019-04-02 08:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 01:21 - 2019-04-02 08:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 01:21 - 2019-04-02 08:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 01:21 - 2019-04-02 08:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 01:21 - 2019-04-02 08:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 01:21 - 2019-04-02 08:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 01:21 - 2019-04-02 08:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 01:21 - 2019-04-02 08:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 01:21 - 2019-04-02 08:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 01:21 - 2019-04-02 08:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 01:21 - 2019-04-02 08:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 01:21 - 2019-04-02 08:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 01:21 - 2019-04-02 08:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 01:21 - 2019-04-02 08:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 01:21 - 2019-04-02 07:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 01:21 - 2019-04-02 06:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 01:21 - 2019-04-02 06:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 01:21 - 2019-04-02 06:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 01:21 - 2019-04-02 06:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 01:21 - 2019-04-02 06:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 01:21 - 2019-04-02 05:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 01:21 - 2019-04-02 05:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 01:21 - 2019-04-02 05:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 01:21 - 2019-04-02 05:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 01:21 - 2019-04-02 05:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 01:21 - 2019-04-02 05:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 01:21 - 2019-04-02 05:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 01:21 - 2019-04-02 05:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 01:21 - 2019-04-02 05:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 01:21 - 2019-04-02 05:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 01:21 - 2019-04-02 05:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 01:21 - 2019-03-16 13:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 01:21 - 2019-03-16 10:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 01:21 - 2019-03-14 15:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 01:21 - 2019-03-14 15:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 01:21 - 2019-03-14 15:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 01:21 - 2019-03-14 15:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 01:21 - 2019-03-14 15:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 01:21 - 2019-03-14 15:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 01:21 - 2019-03-14 15:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 01:21 - 2019-03-14 15:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 01:21 - 2019-03-14 15:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 01:21 - 2019-03-14 15:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 01:21 - 2019-03-14 15:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 01:21 - 2019-03-14 15:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 01:21 - 2019-03-14 15:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 01:21 - 2019-03-14 14:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 01:21 - 2019-03-14 14:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 01:21 - 2019-03-14 14:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 01:21 - 2019-03-14 14:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 01:21 - 2019-03-14 14:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 01:21 - 2019-03-14 14:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 01:21 - 2019-03-14 09:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 01:21 - 2019-03-14 09:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 01:21 - 2019-03-14 09:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 01:21 - 2019-03-14 09:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 01:21 - 2019-03-14 09:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 01:21 - 2019-03-14 09:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 01:21 - 2019-03-14 09:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 01:21 - 2019-03-14 09:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 01:21 - 2019-03-14 09:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 01:21 - 2019-03-14 09:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 01:21 - 2019-03-14 09:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 01:21 - 2019-03-14 09:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 01:21 - 2019-03-14 09:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 01:21 - 2019-03-14 09:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 01:21 - 2019-03-14 09:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 01:21 - 2019-03-14 09:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 01:21 - 2019-03-14 09:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 01:21 - 2019-03-14 09:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 01:21 - 2019-03-14 09:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 01:21 - 2019-03-14 09:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 01:21 - 2019-03-14 09:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 01:21 - 2019-03-14 09:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 01:21 - 2019-03-14 09:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 01:21 - 2019-03-14 09:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 01:21 - 2019-03-14 09:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 01:21 - 2019-03-14 09:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 01:21 - 2019-03-14 09:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 01:21 - 2019-03-14 09:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 01:21 - 2019-03-14 09:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 01:21 - 2019-03-14 09:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 01:21 - 2019-03-14 09:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 01:21 - 2019-03-14 09:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 01:21 - 2019-03-14 09:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 01:21 - 2019-03-14 09:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 01:21 - 2019-03-14 09:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 01:21 - 2019-03-14 09:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 01:21 - 2019-03-14 09:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 01:21 - 2019-03-14 09:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 01:21 - 2019-03-14 09:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 01:21 - 2019-03-14 09:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 01:21 - 2019-03-14 09:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 01:21 - 2019-03-14 09:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 01:21 - 2019-03-14 09:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 01:21 - 2019-03-14 09:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 01:21 - 2019-03-14 09:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 01:21 - 2019-03-14 09:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 01:21 - 2019-03-14 08:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 01:21 - 2019-03-14 08:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 01:21 - 2019-03-14 08:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 01:21 - 2019-03-14 08:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 01:21 - 2019-03-14 08:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 01:21 - 2019-03-14 08:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 01:21 - 2019-03-14 08:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 01:21 - 2019-03-14 08:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 01:21 - 2019-03-14 08:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 01:21 - 2019-03-14 08:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 01:21 - 2019-03-14 08:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 01:21 - 2019-03-14 08:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 01:21 - 2019-03-14 08:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 01:21 - 2019-03-14 08:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 01:21 - 2019-03-14 08:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 01:21 - 2019-03-14 08:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 01:21 - 2019-03-14 08:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 01:21 - 2019-03-14 08:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 01:21 - 2019-03-14 08:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 01:21 - 2019-03-14 08:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 01:21 - 2019-03-14 08:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 01:21 - 2019-03-14 08:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 01:21 - 2019-03-14 08:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 01:21 - 2019-03-14 08:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 01:21 - 2019-03-14 08:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 01:21 - 2019-03-14 08:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 01:21 - 2019-03-14 08:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 01:21 - 2019-03-14 08:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 01:21 - 2019-03-14 08:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 01:21 - 2019-03-14 02:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 01:21 - 2019-03-14 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 01:21 - 2019-03-14 02:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 01:21 - 2019-03-14 02:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 01:21 - 2019-03-14 02:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-08 06:37 - 2019-04-08 06:37 - 007025360 _____ (Malwarebytes) C:\Users\SurfAndBlaze\Downloads\adwcleaner_7.3.exe
2019-04-07 15:10 - 2019-04-07 15:12 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\Linkin Park - Minutes To Midnight (Deluxe Version) (2007-2016) MP3 320 KBPS
2019-04-07 15:03 - 2019-04-07 15:04 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\Linkin Park - Hybrid Theory (Deluxe Edition) (2016) MP3 320 KBPS
2019-04-07 13:39 - 2019-04-07 13:42 - 005373800 _____ C:\Users\SurfAndBlaze\Desktop\DOC.mp4
2019-04-01 21:03 - 2019-04-01 21:03 - 000000000 _____ C:\Users\SurfAndBlaze\Downloads\videoplayback.txt
2019-03-30 10:59 - 2019-03-30 10:59 - 001067685 _____ C:\Users\SurfAndBlaze\Downloads\New_Adlestrop_Railway_Atlas.pdf
2019-03-30 09:14 - 2019-03-30 00:33 - 000127609 _____ C:\Users\SurfAndBlaze\Desktop\leisure_davies.pdf
2019-03-30 00:33 - 2019-03-30 00:33 - 000127609 _____ C:\Users\SurfAndBlaze\Downloads\leisure_davies.pdf
2019-03-27 07:37 - 2019-03-27 07:37 - 000088804 _____ C:\Users\SurfAndBlaze\Downloads\Rules.of.Engagement.S01-S06.720p.WEB-DL.DD5.1.H.264-TL.torrent
2019-03-27 01:16 - 2019-03-27 01:57 - 000000718 _____ C:\Users\SurfAndBlaze\Desktop\sound.txt
2019-03-26 12:03 - 2019-03-26 12:16 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\Transmission Remote GUI
2019-03-26 11:49 - 2019-03-26 11:49 - 002239825 _____ (Yury Sidorov & Transmission Remote GUI working group ) C:\Users\SurfAndBlaze\Downloads\transgui-5.16-setup.exe
2019-03-25 11:39 - 2019-03-25 11:40 - 007316688 _____ (Malwarebytes) C:\Users\SurfAndBlaze\Downloads\adwcleaner_7.2.7.0.exe
2019-03-25 11:39 - 2019-03-25 11:39 - 062402408 _____ (Malwarebytes ) C:\Users\SurfAndBlaze\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9800.exe
2019-03-24 20:28 - 2019-03-24 20:28 - 000000869 _____ C:\Users\SurfAndBlaze\Desktop\Start Tor Browser.lnk
2019-03-24 20:28 - 2019-03-24 20:28 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\Tor Browser
2019-03-23 13:26 - 2019-03-23 13:26 - 000001294 _____ C:\Users\SurfAndBlaze\Downloads\root.der
2019-03-23 07:29 - 2019-03-23 07:29 - 023824427 _____ C:\Users\SurfAndBlaze\Downloads\MySQL Beginner Tutorial 1 - Introduction to MySQL.mp4
2019-03-22 12:19 - 2019-03-22 12:19 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-03-22 09:16 - 2019-03-22 09:18 - 037835398 _____ C:\Users\SurfAndBlaze\Documents\0000091.mp4
2019-03-21 21:42 - 2019-03-21 21:42 - 005417309 _____ C:\Users\SurfAndBlaze\Downloads\'I Can Make You A Legend' Tease _ Billions _ Season 4.mp4
2019-03-21 08:51 - 2019-03-22 09:28 - 000000000 ____D C:\Users\SurfAndBlaze\Documents\GIF

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 13:47 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-20 13:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-20 13:47 - 2017-10-27 22:22 - 000000000 ____D C:\FRST
2019-04-20 13:45 - 2018-08-30 18:03 - 002434048 _____ (Farbar) C:\Users\MickeyCage\Desktop\FRST64.exe
2019-04-20 13:43 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-20 13:38 - 2017-06-25 03:21 - 000000000 ____D C:\Program Files\Opera
2019-04-20 13:37 - 2017-06-14 02:34 - 000000000 ____D C:\Users\MickeyCage\AppData\Roaming\Skype
2019-04-20 13:35 - 2017-06-14 03:18 - 000000000 ____D C:\Users\MickeyCage\AppData\LocalLow\Mozilla
2019-04-20 13:33 - 2017-06-14 12:47 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-20 13:33 - 2017-06-14 02:34 - 000000000 __SHD C:\Users\MickeyCage\IntelGraphicsProfiles
2019-04-20 13:32 - 2018-05-16 17:39 - 000000000 ____D C:\Users\MickeyCage
2019-04-20 13:30 - 2018-11-30 00:34 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-20 13:30 - 2018-05-16 18:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-20 13:30 - 2018-05-16 17:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-20 13:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-20 10:32 - 2017-06-14 03:45 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\LocalLow\Mozilla
2019-04-20 10:17 - 2017-06-14 03:39 - 000000000 __SHD C:\Users\SurfAndBlaze\IntelGraphicsProfiles
2019-04-20 10:14 - 2018-04-11 22:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-04-20 10:10 - 2017-06-15 08:33 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\bk data to hdd
2019-04-20 10:06 - 2017-06-14 03:58 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Roaming\vlc
2019-04-20 07:15 - 2017-10-26 07:18 - 000000000 ____D C:\Users\MickeyCage\AppData\Local\NPE
2019-04-20 07:14 - 2017-06-30 17:16 - 000001404 _____ C:\Users\SurfAndBlaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2019-04-20 07:03 - 2017-06-13 19:40 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-04-20 07:01 - 2017-06-19 01:58 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Roaming\FileZilla
2019-04-20 02:57 - 2019-02-22 10:17 - 000000000 ____D C:\Program Files (x86)\NordVPN
2019-04-20 02:50 - 2018-01-08 00:13 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\Torrent DL
2019-04-19 23:40 - 2018-05-16 17:39 - 000000000 ____D C:\Users\SurfAndBlaze
2019-04-19 20:54 - 2017-06-13 19:39 - 000000000 ____D C:\ProgramData\Norton
2019-04-19 20:35 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-19 20:32 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-19 20:20 - 2017-06-14 13:58 - 000001353 _____ C:\Users\MickeyCage\Desktop\Norton Installation Files.lnk
2019-04-19 20:20 - 2017-06-14 02:46 - 000000000 ____D C:\Users\Public\Downloads\Norton
2019-04-19 20:12 - 2018-05-16 17:54 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-19 20:12 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-19 20:07 - 2017-06-13 19:40 - 000000000 ____D C:\Program Files\Norton Internet Security
2019-04-19 18:30 - 2017-08-24 17:53 - 000000000 ____D C:\AdwCleaner
2019-04-19 18:30 - 2017-06-27 02:50 - 000000000 ____D C:\Users\MickeyCage\AppData\Local\CrashDumps
2019-04-19 18:28 - 2017-11-03 03:20 - 000000830 _____ C:\Users\MickeyCage\Desktop\JRT.txt
2019-04-19 16:12 - 2017-10-26 19:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-04-19 07:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-18 17:51 - 2018-09-03 05:32 - 000040151 _____ C:\Users\MickeyCage\Desktop\Addition.txt
2019-04-18 01:50 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-18 01:42 - 2018-02-26 19:38 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\MEGAsync
2019-04-16 09:52 - 2018-02-26 20:09 - 000000000 ____D C:\Users\SurfAndBlaze\Documents\MEGAsync Downloads
2019-04-14 20:01 - 2017-06-17 12:42 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\CrashDumps
2019-04-14 12:58 - 2017-11-11 16:17 - 000000000 ____D C:\Users\SurfAndBlaze\Mp3tag
2019-04-13 22:00 - 2017-06-15 10:40 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\[-IMPORTANT-] Job-Search-Signup-text-Files
2019-04-13 00:00 - 2018-07-17 22:45 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\ssd SWAPAGE-Disk-Cange-Over
2019-04-11 08:17 - 2018-05-18 22:41 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\vidcutter
2019-04-11 05:01 - 2018-03-29 11:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 04:16 - 2018-05-16 17:32 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 04:12 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 04:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 04:12 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 01:20 - 2017-06-14 11:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 01:12 - 2017-06-14 11:23 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-07 13:31 - 2017-06-14 13:13 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\ConnectedDevicesPlatform
2019-04-05 19:05 - 2018-11-17 12:58 - 000000000 ____D C:\Program Files\rempl
2019-04-01 23:27 - 2018-05-18 19:16 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\EXPERIMENTAL TRANSCODING
2019-04-01 18:51 - 2018-11-14 03:13 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 18:51 - 2018-11-14 03:13 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 12:04 - 2018-05-16 20:23 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\PlaceholderTileLogoFolder
2019-03-30 10:59 - 2017-10-30 21:12 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Local\Packages
2019-03-25 10:27 - 2019-02-14 02:54 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-25 01:48 - 2017-07-31 09:11 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\TABSESSIONS
2019-03-24 20:28 - 2017-06-14 03:58 - 000000917 _____ C:\Users\SurfAndBlaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2019-03-23 21:49 - 2017-09-29 20:07 - 000000000 ____D C:\Users\SurfAndBlaze\.get_iplayer
2019-03-23 19:07 - 2017-09-14 20:56 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Roaming\avidemux
2019-03-23 02:35 - 2017-10-30 21:14 - 000000000 ____D C:\Users\MickeyCage\AppData\Local\Packages
2019-03-23 02:05 - 2018-09-20 07:52 - 000000000 ____D C:\Users\SurfAndBlaze\Desktop\[==PRODUCT REVIEWS==]
2019-03-22 09:20 - 2017-06-14 21:07 - 000000000 ____D C:\Program Files\Common Files\AV
2019-03-22 09:14 - 2017-07-07 17:42 - 000000000 ____D C:\Users\SurfAndBlaze\AppData\Roaming\HandBrake
2019-03-21 13:22 - 2018-02-02 15:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2018-05-16 17:32
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.04.2019 01
Ran by MickeyCage (20-04-2019 13:49:32)
Running from C:\Users\MickeyCage\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-16 17:13:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3000172399-2907617184-3595842285-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3000172399-2907617184-3595842285-503 - Limited - Disabled)
Guest (S-1-5-21-3000172399-2907617184-3595842285-501 - Limited - Disabled)
MickeyCage (S-1-5-21-3000172399-2907617184-3595842285-1001 - Administrator - Enabled) => C:\Users\MickeyCage
SurfAndBlaze (S-1-5-21-3000172399-2907617184-3595842285-1002 - Limited - Enabled) => C:\Users\SurfAndBlaze
Little-Rights-For-U (S-1-5-21-3000172399-2907617184-3595842285-1003 - Limited - Enabled) => C:\Users\Little-Rights-For-U
WDAGUtilityAccount (S-1-5-21-3000172399-2907617184-3595842285-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
AMT - Auto-Movie-Thumbnailer (HKLM-x32\...\AMT) (Version: 9.0 - Karsten Funk)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Boilsoft Video Joiner 8.01 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.900 - Broadcom Corporation)
Crucial Storage Executive (HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Crucial Storage Executive 3.55.032018.04) (Version: 3.55.032018.04 - Crucial)
CrystalDiskInfo 7.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.2 - Crystal Dew World)
FileZilla Client 3.41.2 (HKLM-x32\...\FileZilla Client) (Version: 3.41.2 - Tim Kosse)
get_iplayer (HKLM-x32\...\get_iplayer) (Version: 2.96.0 - )
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 33.1.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 33.1.0 - Moritz Bunkus)
Mozilla Firefox 65.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 65.0.2 (x64 en-GB)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NFOlux (HKLM-x32\...\NFOlux) (Version:  - )
NFOPad 1.72 (HKLM-x32\...\NFOPad) (Version: 1.72 - True Human Design)
NordVPN (HKLM-x32\...\{EF750CE9-E908-457F-8B07-456F39CE757A}) (Version: 6.20.12 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.20.12) (Version: 6.20.12 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation)
Opera Stable 48.0.2685.39 (HKLM-x32\...\Opera 48.0.2685.39) (Version: 48.0.2685.39 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.7.0.0 - den4b Team)
Reolink Client version 7.2.2.18 (HKLM-x32\...\{992EF7D5-3D70-6E7F-AFDC-8C946676BD6E}_is1) (Version: 7.2.2.18 - )
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Thumbnail me 3.0 (HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\Thumbnail me 3.0) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VidCutter (HKLM\...\{CCDC440A-CC57-4BED-8CDE-1DA285976A64}_is1) (Version: 5.5.0.0 - Pete Alexandrou)
Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version:  - )
Viscosity 1.7.6 (1540) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.7.6.1540 - SparkLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.50 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MickeyCage\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\SurfAndBlaze\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-12] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-13 05:49 - 2019-03-25 10:27 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-14 02:53 - 2019-03-25 10:27 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-14 02:53 - 2019-03-25 10:27 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-06-13 05:49 - 2019-03-25 10:27 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-25 10:27 - 2019-03-25 10:27 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2017-06-06 16:35 - 2017-06-06 16:35 - 027562496 ____R (Skype Technologies S.A.) [File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 001982976 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-06 16:29 - 2017-06-06 16:29 - 000615424 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll
2017-06-06 16:30 - 2017-06-06 16:30 - 002629632 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
2017-06-06 16:35 - 2017-06-06 16:35 - 000935936 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
2017-06-06 16:35 - 2017-06-06 16:35 - 000077312 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2017-06-06 16:34 - 2017-06-06 16:34 - 010562560 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts


2019-03-22 12:19 - 2019-03-22 12:19 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 188.162.6.200 - 188.164.7.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3000172399-2907617184-3595842285-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E4DD3443-99B2-4192-B784-B3B787BB96A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{AD2E9170-46A3-4171-8554-40BDF710FA61}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9813462F-C50B-49C4-9AF8-9CDA82D6A847}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1EB7853A-7760-4F6F-859C-548BA00B53A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B72B2BDA-B252-44AE-8669-854B73D59B1B}] => (Allow) C:\Program Files\Opera\48.0.2685.35\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{EC1F0200-8CEB-4AB8-B95A-EAB9A22BD621}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0600C037-8B9F-46E9-AF61-0355F093F4C2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A1F5EEF0-6C29-455E-9E1A-B6DD1A373F76}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

20-04-2019 04:07:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2019 01:19:01 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,D,0) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 01:19:01 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,D,0) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 12:18:03 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,D,0) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 12:18:03 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,D,0) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 11:19:08 AM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,T,97) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 11:19:08 AM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3752,T,97) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 17, PgnoRoot: 65) of database C:\WINDOWS\system32\SRU\SRUDB.dat (65 => 16260, 0).

Error: (04/20/2019 10:40:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.17134.1, time stamp: 0x37c688c7
Faulting module name: Rtlihvs.dll, version: 704.10.727.2017, time stamp: 0x597edaff
Exception code: 0xc0000005
Fault offset: 0x0000000000079db2
Faulting process ID: 0xbb8
Faulting application start time: 0x01d4f759aecc94c3
Faulting application path: C:\WINDOWS\system32\WLANExt.exe
Faulting module path: C:\WINDOWS\system32\Rtlihvs.dll
Report ID: f6a3c3f2-a575-437b-ac1e-d12aa2156b11
Faulting package full name:
Faulting package-relative application ID:

Error: (04/20/2019 10:16:04 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [0]


System errors:
=============
Error: (04/20/2019 01:38:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff848070bf4010, 0x00000000000000ff, 0x0000000000000000, 0xfffff802d05995ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c713c41d-f4a2-426f-8173-b150f8294855.

Error: (04/20/2019 01:36:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 01:36:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 01:35:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 01:33:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 01:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The nordvpn-service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/20/2019 01:31:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the nordvpn-service service to connect.

Error: (04/20/2019 01:30:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:27:04 on ‎20/‎04/‎2019 was unexpected.


Windows Defender:
===================================
Date: 2019-04-19 20:01:50.843
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.85.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-04-19 20:01:50.842
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.85.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-04-19 20:01:50.842
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.85.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2019-04-19 20:00:58.259
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.85.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x8024401c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-04-19 18:40:57.054
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-02-15 04:45:58.706
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-15 04:45:58.668
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-15 04:45:58.621
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-31 20:42:02.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-31 20:42:02.250
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-28 09:00:43.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.0.247\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-28 09:00:43.077
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.0.247\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-28 09:00:43.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Internet Security\Norton Internet Security\Engine\22.16.0.247\BuShell.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-5157U CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8114.26 MB
Available physical RAM: 3747.02 MB
Total Virtual: 10930.26 MB
Available Virtual: 6382.65 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.55 GB) (Free:24.36 GB) NTFS

\\?\Volume{cae1ce6d-bf3f-4610-b7c7-5608b8f890cb}\ () (Fixed) (Total:0.88 GB) (Free:0.31 GB) NTFS
\\?\Volume{9e7b03ff-d273-4ad6-a900-8900583b36a1}\ (RECOVERY) (Fixed) (Total:16.7 GB) (Free:1.7 GB) NTFS
\\?\Volume{3c0a2866-5245-4d2e-ad6f-3ab25fa8afb2}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F10E4070)

Partition: GPT.

==================== End of Addition.txt ============================




#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 21 April 2019 - 05:57 AM

You know, this could boil down to something running in the background causing this (Symantec/Nortons trying to update or Windows updates that have to stop when you disconnect from the internet) but what I can do is make sure it's not related to malware.

When you notice this going on with your mouse, open Task Manager, click on the Processes tab (I think, I don't use Windows 10), let's see if we can find something that's pulling a large amount of CPU.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-18\...\Run: [] => [X]
ShortcutTarget: MEGAsync.lnk -> C:\Users\MickeyCage\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3000172399-2907617184-3595842285-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MickeyCage\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
C:\Windows\Temp\*.*
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
If you don't have Malwarebytes 3 installed yet, please download it from here and install it: Download the Malwarebytes Anti-Malware
Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.

You might need to temporarily disable Nortons to run these tools; it doesn't play well with others.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 3 logs when finished.

Also, tell me how the computer is now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Juliet


Posted 26 April 2019 - 03:03 PM

bump

#4 Juliet


Posted 02 May 2019 - 03:29 AM

This topic is closed due to lack of feedback.