  #1  
June 19th, 2019, 08:22 AM
gwilym
Senior Member
 
Join Date: Oct 2002
O/S: Windows 7 64-bit
Location: talacre wales
Age: 72
Posts: 837
ytd downloader problem

I downloaded ytd downloader; after I opened it, it said my free trial had expired. I went to add/remove programs and uninstalled it. It left bits of ytd all over the place. I went to task manager and it was there. I ended task; now I can't see it anymore but feel it's not completely uninstalled. Is there any way of getting rid of it?


  #2  
June 19th, 2019, 04:34 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,851
Howdy gwil,


Let's take a look.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.
  #3  
June 20th, 2019, 09:27 AM
gwilym
Senior Member
 
Join Date: Oct 2002
O/S: Windows 7 64-bit
Location: talacre wales
Age: 72
Posts: 837
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019
Ran by gwily (administrator) on GWIL47 (LENOVO 80SM) (19-06-2019 19:30:28)
Running from C:\Users\gwily\Desktop
Loaded Profiles: gwily (Available Profiles: defaultuser0 & gwily & gwil1947 & defaultuser1)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2Toast.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\gwily\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MpCmdRun.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F8E9755-7CAD-43B8-97AB-9D8A3AAFF969} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448480 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1986D1AF-1117-4E4F-9A06-64C335B0836C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {204E92E9-D64B-4D0A-914F-C6D33B47E57B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {22CFB476-7BD5-4114-8592-6970B3006D69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25D6F4E3-F5E6-40A2-99D8-BD817E13AF98} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2FC0AE1C-DA41-40B0-AB4E-9106FD0C4FE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448480 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {47FD7720-1A17-484A-A43B-DAA7D19F59BA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {4FE1B802-C16D-4A47-A5E3-611D923E8125} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {508A3627-5B9D-4443-960B-9CB3E1DDAE15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5B60C38D-0017-4B65-9A66-CE1880239B24} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {6EE9C3C1-E9F4-424F-AE5C-2126FDDACEAF} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {85B5B4FB-F0AB-4678-8468-31435042E5AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A2D0734-797A-43D7-A3A5-073A80160263} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BD6B23C-3249-42DC-927E-DE0BDB823628} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d6b440a5-8612-4d74-9703-3f76d6e27809 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {AA00D659-5560-4820-B2F5-23903501B827} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\86dfb2ae-21e2-40c9-9330-37be7273aeff => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {C1CFF178-662C-479A-8339-B075139BDBD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C459358B-9F10-422D-8E4C-FAD3CDB1E72A} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {D0F79706-B788-4963-B5DF-B22F39C5614D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4E63040-DA0F-4641-80CC-58405A94A7AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F39FC4E8-57FC-47A3-A21C-A6353E9CB870} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F84434DB-C13F-40CC-9FAE-9FCB244CABFD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\28e97aaf-3d6e-4fba-a8ea-e6aab81125ab => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ad9bf472-42f9-4f91-8e15-b47170d73d40}: [DhcpNameServer] 150.212.1.2
Tcpip\..\Interfaces\{b4fddea1-9512-49ad-8972-7e7d3e96ec44}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1454482426-1969502132-749836352-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&dcr=0&ei=PvroWbaLIY7VXr3YnvgJ
HKU\S-1-5-21-1454482426-1969502132-749836352-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1454482426-1969502132-749836352-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-1454482426-1969502132-749836352-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ofhflkcfkbgjpodgmcdcmkdpfabieode] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1454482426-1969502132-749836352-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oknbbfglleniifhfokkamioogejffnfc] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146224 2019-06-06] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] (Dolby Laboratories, Inc. -> )
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-15] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2018-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2355544 2018-07-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-19 19:30 - 2019-06-19 19:31 - 000020716 _____ C:\Users\gwily\Desktop\FRST.txt
2019-06-19 19:30 - 2019-06-19 19:30 - 000000000 ____D C:\FRST
2019-06-19 19:24 - 2019-06-19 19:24 - 002418688 _____ (Farbar) C:\Users\gwily\Desktop\FRST64.exe
2019-06-19 07:22 - 2019-06-19 07:22 - 000001060 _____ C:\Users\gwily\Desktop\videos 1 - Shortcut.lnk
2019-06-18 19:36 - 2019-06-18 19:36 - 000000000 ____D C:\Users\gwily\Desktop\videos 1
2019-06-17 13:25 - 2019-06-17 13:26 - 000000000 ____D C:\Users\defaultuser1.GWIL47\AppData\Local\Packages
2019-06-17 13:25 - 2019-06-17 13:25 - 000000020 ___SH C:\Users\defaultuser1.GWIL47\ntuser.ini
2019-06-17 13:25 - 2019-06-17 13:25 - 000000000 ____D C:\Users\defaultuser1.GWIL47\AppData\Local\VirtualStore
2019-06-17 13:25 - 2019-06-17 13:25 - 000000000 ____D C:\Users\defaultuser1.GWIL47\AppData\Local\Intel
  #4  
June 20th, 2019, 09:29 AM
gwilym
Senior Member
 
Join Date: Oct 2002
O/S: Windows 7 64-bit
Location: talacre wales
Age: 72
Posts: 837
2019-06-17 13:25 - 2019-06-17 13:25 - 000000000 ____D C:\Users\defaultuser1.GWIL47\AppData\Local\ConnectedDevicesPlatform
2019-06-17 13:25 - 2019-06-17 13:25 - 000000000 ____D C:\Users\defaultuser1.GWIL47
2019-06-17 13:25 - 2018-04-12 00:34 - 000001105 _____ C:\Users\defaultuser1.GWIL47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-14 21:54 - 2019-06-14 21:54 - 000000000 ___HD C:\OneDriveTemp
2019-06-12 17:45 - 2019-05-31 02:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-12 17:45 - 2019-05-31 02:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-11 19:25 - 2019-06-07 12:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-11 19:25 - 2019-06-07 06:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:25 - 2019-06-07 06:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:25 - 2019-06-07 06:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-11 19:25 - 2019-06-07 06:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-11 19:25 - 2019-06-07 06:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-11 19:25 - 2019-06-07 06:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-11 19:25 - 2019-05-17 07:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-11 19:25 - 2019-05-17 06:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-11 19:24 - 2019-06-07 12:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-11 19:24 - 2019-06-07 11:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-11 19:24 - 2019-06-07 11:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-11 19:24 - 2019-06-07 11:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-11 19:24 - 2019-06-07 11:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-11 19:24 - 2019-06-07 11:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-11 19:24 - 2019-06-07 11:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-11 19:24 - 2019-06-07 11:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-11 19:24 - 2019-06-07 11:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-11 19:24 - 2019-06-07 11:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-11 19:24 - 2019-06-07 11:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-11 19:24 - 2019-06-07 11:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-11 19:24 - 2019-06-07 11:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-11 19:24 - 2019-06-07 11:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-11 19:24 - 2019-06-07 11:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-11 19:24 - 2019-06-07 07:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-11 19:24 - 2019-06-07 07:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-11 19:24 - 2019-06-07 06:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-11 19:24 - 2019-06-07 06:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-11 19:24 - 2019-06-07 06:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-11 19:24 - 2019-06-07 06:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-11 19:24 - 2019-06-07 06:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-11 19:24 - 2019-06-07 06:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-11 19:24 - 2019-06-07 06:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-11 19:24 - 2019-06-07 06:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-11 19:24 - 2019-06-07 06:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-11 19:24 - 2019-06-07 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-11 19:24 - 2019-06-07 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-11 19:24 - 2019-06-07 06:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-11 19:24 - 2019-06-07 06:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-07 06:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-11 19:24 - 2019-06-07 06:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-11 19:24 - 2019-06-07 06:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-11 19:24 - 2019-06-07 06:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-11 19:24 - 2019-06-07 06:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-11 19:24 - 2019-06-07 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-11 19:24 - 2019-06-07 06:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-11 19:24 - 2019-06-07 06:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-11 19:24 - 2019-06-07 06:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-11 19:24 - 2019-06-07 06:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-07 06:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-11 19:24 - 2019-06-07 06:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-11 19:24 - 2019-06-07 06:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-11 19:24 - 2019-06-07 06:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-11 19:24 - 2019-06-07 06:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-11 19:24 - 2019-06-07 06:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-07 06:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-11 19:24 - 2019-06-07 06:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-11 19:24 - 2019-06-07 06:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-11 19:24 - 2019-06-07 06:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-11 19:24 - 2019-06-07 06:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-11 19:24 - 2019-06-07 06:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-11 19:24 - 2019-06-07 06:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-11 19:24 - 2019-06-07 06:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-11 19:24 - 2019-06-07 06:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-11 19:24 - 2019-06-07 06:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-11 19:24 - 2019-06-07 06:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-11 19:24 - 2019-06-07 06:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-11 19:24 - 2019-06-07 05:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-11 19:24 - 2019-05-18 23:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-11 19:24 - 2019-05-18 23:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-11 19:24 - 2019-05-18 23:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-11 19:24 - 2019-05-18 23:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-11 19:24 - 2019-05-17 13:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-11 19:24 - 2019-05-17 13:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-11 19:24 - 2019-05-17 13:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-11 19:24 - 2019-05-17 13:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-11 19:24 - 2019-05-17 13:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-11 19:24 - 2019-05-17 13:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-11 19:24 - 2019-05-17 13:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-11 19:24 - 2019-05-17 13:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-11 19:24 - 2019-05-17 13:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-11 19:24 - 2019-05-17 13:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-11 19:24 - 2019-05-17 13:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-11 19:24 - 2019-05-17 13:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-11 19:24 - 2019-05-17 13:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-11 19:24 - 2019-05-17 13:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-11 19:24 - 2019-05-17 13:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-11 19:24 - 2019-05-17 13:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-11 19:24 - 2019-05-17 13:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-11 19:24 - 2019-05-17 13:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-11 19:24 - 2019-05-17 13:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-11 19:24 - 2019-05-17 13:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-11 19:24 - 2019-05-17 13:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-11 19:24 - 2019-05-17 12:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-11 19:24 - 2019-05-17 12:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-11 19:24 - 2019-05-17 12:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-11 19:24 - 2019-05-17 12:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-11 19:24 - 2019-05-17 12:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-11 19:24 - 2019-05-17 12:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-11 19:24 - 2019-05-17 12:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-11 19:24 - 2019-05-17 12:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-11 19:24 - 2019-05-17 10:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-11 19:24 - 2019-05-17 09:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-11 19:24 - 2019-05-17 08:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-11 19:24 - 2019-05-17 07:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-11 19:24 - 2019-05-17 07:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-11 19:24 - 2019-05-17 07:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-11 19:24 - 2019-05-17 07:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-11 19:24 - 2019-05-17 07:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-11 19:24 - 2019-05-17 07:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-11 19:24 - 2019-05-17 07:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-11 19:24 - 2019-05-17 07:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-11 19:24 - 2019-05-17 07:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-11 19:24 - 2019-05-17 07:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-11 19:24 - 2019-05-17 07:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-11 19:24 - 2019-05-17 07:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-11 19:24 - 2019-05-17 07:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-11 19:24 - 2019-05-17 07:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-11 19:24 - 2019-05-17 07:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-11 19:24 - 2019-05-17 07:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-11 19:24 - 2019-05-17 07:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-11 19:24 - 2019-05-17 07:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-11 19:24 - 2019-05-17 07:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-11 19:24 - 2019-05-17 07:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-11 19:24 - 2019-05-17 07:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-11 19:24 - 2019-05-17 07:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-11 19:24 - 2019-05-17 07:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-11 19:24 - 2019-05-17 07:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-11 19:24 - 2019-05-17 07:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-11 19:24 - 2019-05-17 07:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-11 19:24 - 2019-05-17 07:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-11 19:24 - 2019-05-17 07:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-11 19:24 - 2019-05-17 07:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-11 19:24 - 2019-05-17 07:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-11 19:24 - 2019-05-17 07:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-11 19:24 - 2019-05-17 07:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-11 19:24 - 2019-05-17 07:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-11 19:24 - 2019-05-17 07:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-11 19:24 - 2019-05-17 07:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-11 19:24 - 2019-05-17 07:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-11 19:24 - 2019-05-17 07:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-11 19:24 - 2019-05-17 07:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-11 19:24 - 2019-05-17 06:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-11 19:24 - 2019-05-17 06:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-11 19:24 - 2019-05-17 06:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-11 19:24 - 2019-05-17 06:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-11 19:24 - 2019-05-17 06:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-11 19:24 - 2019-05-17 06:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-11 19:24 - 2019-05-17 06:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-11 19:24 - 2019-05-17 06:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-11 19:24 - 2019-05-17 06:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-11 19:24 - 2019-05-17 06:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-11 19:24 - 2019-05-17 06:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-11 19:24 - 2019-05-17 06:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-11 19:24 - 2019-05-17 06:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-11 19:24 - 2019-05-17 06:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-11 19:24 - 2019-05-17 06:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-11 19:24 - 2019-05-17 06:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-11 19:24 - 2019-05-17 06:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-11 19:24 - 2019-05-17 06:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-11 19:24 - 2019-05-17 06:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-11 19:24 - 2019-05-17 06:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-11 19:24 - 2019-05-17 06:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-11 19:24 - 2019-05-17 06:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-11 19:24 - 2019-05-17 06:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-11 19:24 - 2019-05-17 06:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-11 19:24 - 2019-05-17 06:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-11 19:24 - 2019-05-17 06:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-08 08:21 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-06-07 08:16 - 2019-06-07 08:16 - 000002638 _____ C:\Users\gwily\Desktop\Welcome - ScottishPower.url
2019-05-20 20:39 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-20 20:39 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-20 20:39 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-20 20:39 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-19 19:21 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-19 19:20 - 2017-11-19 22:05 - 000000000 ___HD C:\Users\gwily\MicrosoftEdgeBackups
2019-06-19 19:13 - 2018-05-23 21:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-18 11:45 - 2017-07-07 21:52 - 000000000 ____D C:\Program Files\UNP
2019-06-18 10:20 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-18 10:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-16 18:39 - 2017-08-30 18:28 - 000000000 ____D C:\Users\gwily\Desktop\screen pics
2019-06-16 09:48 - 2017-07-09 11:17 - 000000000 ___RD C:\Users\gwily\Desktop\Lots of Photos
2019-06-15 12:57 - 2017-03-11 12:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-06-15 07:42 - 2017-07-08 17:22 - 000000000 ___RD C:\Users\gwily\Desktop\stuff
2019-06-14 21:54 - 2017-07-07 19:57 - 000000000 ___RD C:\Users\gwily\OneDrive
2019-06-14 20:10 - 2017-07-07 19:53 - 000000000 __SHD C:\Users\gwily\IntelGraphicsProfiles
2019-06-14 20:09 - 2018-05-23 21:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-14 20:09 - 2018-04-11 22:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-06-14 18:53 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 08:21 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-12 18:21 - 2018-05-23 21:48 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 17:46 - 2017-11-19 22:04 - 000000000 ___RD C:\Users\gwily\3D Objects
2019-06-12 17:46 - 2016-07-29 18:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 17:45 - 2018-05-23 21:28 - 000437984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 17:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 17:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 17:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 17:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-11 19:23 - 2017-07-07 21:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-11 19:08 - 2017-07-07 21:49 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-09 21:47 - 2017-12-20 18:52 - 000000000 ____D C:\Users\gwily\AppData\Local\ElevatedDiagnostics
2019-06-08 15:25 - 2018-05-23 21:56 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1454482426-1969502132-749836352-1001
2019-06-08 15:25 - 2018-05-23 21:36 - 000002370 _____ C:\Users\gwily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-05 13:52 - 2018-02-14 18:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-20 16:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ================

2018-06-14 12:16 - 2018-06-14 12:16 - 000207242 _____ () C:\Users\gwily\AppData\Local\ars.cache
2018-06-14 12:16 - 2018-06-14 12:16 - 000776455 _____ () C:\Users\gwily\AppData\Local\census.cache
2018-06-14 12:01 - 2018-06-14 12:01 - 000000036 _____ () C:\Users\gwily\AppData\Local\housecall.guid.cache
2018-06-14 12:06 - 2018-06-14 12:06 - 000000010 _____ () C:\Users\gwily\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
  #5  
Old June 20th, 2019, 09:32 AM
gwilym gwilym is offline
Senior Member
 
Join Date: Oct 2002
O/S: Windows 7 64-bit
Location: talacre wales
Age: 72
Posts: 837
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by gwily (19-06-2019 19:32:27)
Running from C:\Users\gwily\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-05-23 20:57:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1454482426-1969502132-749836352-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1454482426-1969502132-749836352-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1454482426-1969502132-749836352-1000 - Limited - Disabled) => C:\Users\defaultuser0
defaultuser1 (S-1-5-21-1454482426-1969502132-749836352-1021 - Limited - Enabled) => C:\Users\defaultuser1.GWIL47
Guest (S-1-5-21-1454482426-1969502132-749836352-501 - Limited - Disabled)
gwil1947 (S-1-5-21-1454482426-1969502132-749836352-1004 - Administrator - Enabled) => C:\Users\gwil1947
gwily (S-1-5-21-1454482426-1969502132-749836352-1001 - Administrator - Enabled) => C:\Users\gwily
WDAGUtilityAccount (S-1-5-21-1454482426-1969502132-749836352-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1454482426-1969502132-749836352-1001\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11629.20246 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1454482426-1969502132-749836352-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
NOW TV Player 3.0.1.0 (HKU\S-1-5-21-1454482426-1969502132-749836352-1001\...\com.bskyb.nowtvplayer_is1) (Version: 3.0.1.0 - NOW TV)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-28] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.0.0.7_x86__h6adky7gbf63m [2019-05-22] (Gameloft.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2018-02-03] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2018-02-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.402.0_x64__8wekyb3d8bbwe [2019-05-24] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-20] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_5.0.0.0_x86__g0q0z3kw54rap [2019-04-10] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-05-20 10:37 - 2019-05-20 10:37 - 000365056 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\dbb85aa96a8ff15ea01ef0de5c266236\Interop.CxHDAudioAPILib.ni.dll
2019-05-20 10:37 - 2019-05-20 10:37 - 000019968 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\d187919a8e61c02d9665b4d571e582d7\Interop.CxUtilSvcLib.ni.dll
2019-05-20 10:36 - 2019-05-20 10:36 - 002356736 _____ (Conexant Systems, Inc) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SmartAudio\31abe638d6a847b738ef979f414faa4b\SmartAudio.ni.exe
2017-07-10 22:49 - 2016-07-14 09:58 - 001155072 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
2017-07-10 22:49 - 2016-05-12 13:12 - 000132096 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxUtilSvc.exe
2019-03-15 08:07 - 2018-08-12 21:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1454482426-1969502132-749836352-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gwily\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\34366822_10217191819414597_305616317866573824_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8FABD140-F262-4475-B21E-B3AFD11597E1}] => (Allow) C:\Users\gwily\AppData\Local\Temp\7zS593D\HPDiagnosticCoreUI.exe No File
FirewallRules: [{5C286013-918F-42C0-80F5-3E4CF5C11DED}] => (Allow) C:\Users\gwily\AppData\Local\Temp\7zS593D\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F5CC3AFA-EFFA-4FA4-B22B-85D4E3E9043B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{480C7652-D9F3-47CD-A50A-B33DE00E72EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{FAA520D7-A204-46DF-9FFB-C6888F8368ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{AC072E65-5DF1-4738-AA8F-88DB6D770103}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{03B8B881-3279-4453-A4EA-367434395FC8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7EB00058-A62B-4B6A-8D9D-5E5ACF347C9C}] => (Allow) C:\Users\gwily\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe No File

==================== Restore Points =========================

29-05-2019 20:57:06 Scheduled Checkpoint
09-06-2019 21:52:36 Scheduled Checkpoint
14-06-2019 18:53:18 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2019 12:13:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.799 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14c0

Start Time: 01d524fda40dc92a

Termination Time: 14

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 554ab48a-595e-4dbe-8a97-ee10f3a80c35

Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (06/12/2019 05:45:33 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GWIL47$ via https://INTC-KeyId-5e73c89aa3e902b27...lates/Aik/scep failed:

GetCACaps

Method: GET(609ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (06/11/2019 12:23:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.765 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7610

Start Time: 01d52047e6fac21f

Termination Time: 11

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: f3d3319c-4d48-4517-983c-3d5c7b297345

Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (06/09/2019 07:16:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2019 10:54:47 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (06/08/2019 10:54:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (06/06/2019 12:13:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.44.0.40 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5b84

Start Time: 01d51c2f1fe05a4a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: f38a0ab1-ca07-459b-92b1-75a60926d78f

Faulting package full name: Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (05/30/2019 03:30:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.765 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1de4

Start Time: 01d516f43045969a

Termination Time: 159

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: e60ec326-57db-4322-a48a-5773be16dc13

Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (06/19/2019 07:18:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 05:17:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 04:32:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 04:27:18 PM) (Source: DCOM) (EventID: 10016) (User: GWIL47)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user GWIL47\gwily SID (S-1-5-21-1454482426-1969502132-749836352-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 04:27:13 PM) (Source: DCOM) (EventID: 10016) (User: GWIL47)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user GWIL47\gwily SID (S-1-5-21-1454482426-1969502132-749836352-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 02:04:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 12:43:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2019 11:43:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-06-18 08:16:34.434
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA659917-9C25-4027-BF73-253272AB318E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-17 13:25:23.989
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EEEC1796-FEE2-406B-B27F-6DE68E34F425}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-17 12:49:45.520
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C44D25FD-621A-4FD1-808B-FC086AEF306A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-17 09:31:47.702
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4C00F73D-50C6-4789-9DE7-36D2BA8B9A2E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-14 10:47:58.933
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BA0898BC-6516-4D48-8787-57D0345764FB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-06-14 20:20:11.580
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.706.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-05-25 13:42:08.153
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2019-05-15 06:28:34.315
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2019-04-30 13:27:12.548
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2019-04-05 09:32:14.188
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

CodeIntegrity:
===================================

Date: 2018-10-16 16:18:51.454
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:18:05.672
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:17:26.558
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:16:41.412
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:16:17.431
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:16:17.142
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:16:12.104
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-16 16:16:11.747
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 0XCN44WW 04/12/2018
Motherboard: LENOVO Toronto 5A2
Processor: Intel(R) Core(TM) i3-6006U CPU @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 8097.91 MB
Available physical RAM: 2989.55 MB
Total Virtual: 11169.91 MB
Available Virtual: 4913.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:886.84 GB) (Free:802.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.69 GB) NTFS

\\?\Volume{2bc02b02-00ba-4b29-9386-a2b9e06e1aa9}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{7780c346-9761-4558-8a03-9775289b724f}\ (LENOVO_PART) (Fixed) (Total:17.45 GB) (Free:6.58 GB) NTFS
\\?\Volume{165bd78f-2942-407b-87cc-851cca8cf78b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B13B577)

Partition: GPT.

==================== End of Addition.txt ============================
  #6  
Old June 20th, 2019, 09:37 AM
gwilym gwilym is offline
Senior Member
log files

Hi Jintan, thanks for help, it's a while since I've been on here. I always have trouble fitting log files into replies, hope I got it all in.
  #7  
Old June 20th, 2019, 05:53 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
Especially these FRST huge log files. It looks like you got it, and the log looks clean.
  #8  
Old June 20th, 2019, 06:38 PM
gwilym gwilym is offline
Senior Member
thanks

Thanks for that, I guess I'm OK then. I have always had YTD on my computers with no problem; now it seems to have become dodgy. Will look for something else. Thanks again.
  #9  
Old June 20th, 2019, 06:48 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
All times are GMT +1. The time now is 06:46 PM.