Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PC Freezes Upon Waking

Post by aboynamedsue » August 23rd, 2020, 9:05 pm

I have had recurring problems over a period of time and the most prevalent one these days is that the computer freezes upon waking after being put to sleep. All that is visible is a blue or black screen and the mouse pointer. I have to manually turn off the computer and back on again in order to use it. Also, when I am doing downloads they are interrupted. I get weird text on random web pages which have been the names of files on my hard drive. When I was using the web page source viewer in a web browser, I pointed to a highlighted text and a weird sentence (The quick brown fox jumped over the lazy dog) appeared. Then, that same sentence appeared when I was using a different computer after pasting a text. Other tech products (tablet, smart phone, gaming consoles) have had some of these same problems, which makes me think there must be an infection and it has spread.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-08-2020
Ran by Sheldon (administrator) on SHELDON-PC (Hewlett-Packard HP Compaq 4000 Pro SFF PC) (23-08-2020 18:44:10)
Running from C:\Users\Sheldon\Desktop
Loaded Profiles: Sheldon & Sheldon2
Platform: Microsoft Windows 10 Home Version 1909 18363.1016 (X86) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe <2>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Edge\Application\msedge.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Sheldon2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe <3>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3312208 2019-05-04] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1400774824-2995677026-3893082217-1000\...\Run: [SynchronossPC] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [3644632 2018-02-23] (Synchronoss Software Ireland Ltd. -> Verizon)
HKU\S-1-5-21-1400774824-2995677026-3893082217-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1400774824-2995677026-3893082217-1002\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [248080 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKLM\...\Print\Monitors\HP 8811 Status Monitor: C:\WINDOWS\system32\hpinksts8811LM.dll [267112 2010-11-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\84.0.4147.135\Installer\chrmstp.exe [2020-08-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AFF4A5-29A7-4A20-B824-AE1B3B22A4F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_414_pepper.exe [1471032 2020-08-12] (Adobe Inc. -> Adobe)
Task: {1F060D92-64E5-4644-B66C-13687FADC69F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Susan\Downloads\esetonlinescanner_enu.exe
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {2976FCD1-E474-4C13-9FC8-D19FC883DFAC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {44C05EE7-D599-4008-A7BB-1F792CB6C3C4} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {46724EAA-CBB2-4C1B-9444-6C978B235D66} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {53D20C94-77CA-424E-8C62-0DA561071E0A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6598C825-5EF0-47D3-BE0A-5D427DE4C9F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [152216 2017-12-03] (Google Inc -> Google Inc.)
Task: {68EF9AF0-838D-4C67-90EA-F4DCE16D317D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Susan\Downloads\esetonlinescanner_enu.exe
Task: {B41C13E0-ADDE-4FDA-AA1A-DAB95D3C26AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-08-12] (Adobe Inc. -> Adobe)
Task: {D42ACF4D-DC53-4034-8E04-1D8CD0F5AA9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [152216 2017-12-03] (Google Inc -> Google Inc.)
Task: {D57326C9-FCA8-4CC7-AF5B-E08CC39B649D} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {D8E83394-03FE-4AAA-A90B-64C285A4CC6D} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {F22813AE-9704-46F0-B8F9-B959930DAA84} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [108752 2020-07-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {FC35C098-1513-479D-A363-F4937F4A9524} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2a6fce43-b5a0-4b41-ac21-c7792426e443}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5558FD4D-7063-4B93-A251-FAEE109B73CD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5d7c2cd5-9a75-1ac5-6245-118f1c411193}: [NameServer] 103.86.99.99,103.86.96.96
Tcpip\..\Interfaces\{e64dd136-58f8-4401-8eca-205b796cfc92}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100

Internet Explorer:
==================
HKU\S-1-5-21-1400774824-2995677026-3893082217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1400774824-2995677026-3893082217-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002 -> DefaultScope {3930594E-90DE-4CF9-957E-6167A369DD9C} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002 -> {3930594E-90DE-4CF9-957E-6167A369DD9C} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002 -> {ED5FA656-B039-45EE-BDDF-CB1929C0862D} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v115-7_f
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

Edge:
======
DownloadDir: C:\Users\Sheldon\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1400774824-2995677026-3893082217-1000 -> about:tabs
Edge HomeButtonPage: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002 -> about:tabs
Edge Profile: C:\Users\Sheldon\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-23]
Edge DownloadDir: C:\Users\Sheldon\Downloads
Edge HomePage: Default -> edge://newtab/

FireFox:
========
FF DefaultProfile: 42xvhvhh.default-1579314705629
FF ProfilePath: C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\42xvhvhh.default-1579314705629 [2020-08-23]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default [2018-10-31]
CHR Extension: (Slides) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-14]
CHR Extension: (Docs) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-14]
CHR Extension: (Google Drive) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-14]
CHR Extension: (YouTube) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-14]
CHR Extension: (Sheets) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-14]
CHR Extension: (Gmail) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-08-12] (Adobe Inc. -> Adobe)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9407200 2020-02-12] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5578952 2020-08-18] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [248080 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14155832 2020-01-06] (Adlice -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [250072 2013-10-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [419040 2020-02-12] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\NisSrv.exe [1423336 2020-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MsMpEng.exe [85560 2020-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [165376 2019-09-11] (Microsoft Corporation) [File not signed]
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [60232 2020-08-23] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [129056 2020-08-18] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [181000 2020-08-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17360 2020-08-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [160920 2020-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [64080 2020-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [213912 2020-05-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [108704 2020-08-18] (Malwarebytes Inc -> Malwarebytes)
S3 netr28u; C:\WINDOWS\System32\drivers\netr28u.sys [1824256 2019-03-18] (Microsoft Windows -> MediaTek Inc.)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [36776 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [36048 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [33280 2018-05-01] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [40800 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [24688 2020-08-23] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [37784 2020-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [317152 2020-08-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [45792 2020-08-04] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-05-28] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-05-28] (Zemana Ltd. -> Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-23 18:44 - 2020-08-23 18:46 - 000018535 _____ C:\Users\Sheldon\Desktop\FRST.txt
2020-08-23 18:40 - 2020-08-23 18:40 - 000001072 _____ C:\Users\Sheldon\Desktop\f.txt
2020-08-18 11:44 - 2020-08-18 11:44 - 000064080 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-08-18 11:43 - 2020-08-18 11:43 - 000181000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-08-18 11:43 - 2020-08-18 11:43 - 000160920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-08-18 11:43 - 2020-08-18 11:43 - 000108704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-08-18 11:33 - 2020-08-23 14:35 - 000024688 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-08-18 06:54 - 2020-08-18 06:54 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-08-18 06:54 - 2020-08-18 06:54 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-08-18 06:54 - 2020-08-18 06:54 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2020-08-18 06:54 - 2020-08-18 06:54 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-08-18 06:54 - 2020-08-18 06:54 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-08-18 06:54 - 2020-08-18 06:54 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 019852288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 018032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 006294528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 005904896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 005767224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 003516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-08-18 06:53 - 2020-08-18 06:53 - 002259192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2020-08-18 06:53 - 2020-08-18 06:53 - 002138280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-08-18 06:53 - 2020-08-18 06:53 - 001870200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001564160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001434800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001418832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet40.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001123328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2020-08-18 06:53 - 2020-08-18 06:53 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000568128 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxbde40.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000343408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2020-08-18 06:53 - 2020-08-18 06:53 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow32.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrstub.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-08-18 06:53 - 2020-08-18 06:53 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-08-18 06:53 - 2020-08-18 06:53 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdmcpl.dll
2020-08-18 06:53 - 2020-08-18 06:53 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 007072056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 006074552 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 005849872 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 003037184 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 003002880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 002803200 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 002235192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 002203448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 002076320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001740800 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001672544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001543304 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001402880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001186304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 001077424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 001070912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000897648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000690536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000675040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000593480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000564488 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000463168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000416296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000379704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000361792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 000331064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-08-18 06:52 - 2020-08-18 06:52 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000273744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-08-18 06:52 - 2020-08-18 06:52 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000124512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000115000 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000090936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-08-18 06:52 - 2020-08-18 06:52 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-08-18 06:52 - 2020-08-18 06:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 005111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-08-18 06:51 - 2020-08-18 06:51 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-08-18 06:51 - 2020-08-18 06:51 - 003743056 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 002755896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-08-18 06:51 - 2020-08-18 06:51 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-08-18 06:51 - 2020-08-18 06:51 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 001882936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 001452032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000816536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000802304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-08-18 06:51 - 2020-08-18 06:51 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-08-18 06:51 - 2020-08-18 06:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\HrtfApo.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayServer.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000212480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-08-18 06:51 - 2020-08-18 06:51 - 000207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2020-08-18 06:51 - 2020-08-18 06:51 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-08-18 06:51 - 2020-08-18 06:51 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-08-18 06:51 - 2020-08-18 06:51 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-08-18 06:51 - 2020-08-18 06:51 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-08-18 06:22 - 2020-07-17 22:07 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-08-18 00:16 - 2020-08-18 00:44 - 000000000 ____D C:\Users\User2\AppData\Local\NordVPN
2020-08-16 16:20 - 2020-08-16 16:20 - 000000000 ____D C:\Users\Sheldon2\AppData\Local\NordVPN
2020-08-16 16:19 - 2020-08-16 16:19 - 000002004 _____ C:\Users\Sheldon\Desktop\NordVPN.lnk
2020-08-16 16:19 - 2020-08-16 16:19 - 000000000 ____D C:\Users\Sheldon\AppData\Local\NordVPN
2020-08-16 16:19 - 2020-08-16 16:19 - 000000000 ____D C:\ProgramData\NordVPN
2020-08-16 16:19 - 2020-08-16 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\NordSec
2020-08-16 16:19 - 2020-08-16 16:19 - 000000000 ____D C:\Program Files\NordVPN network TAP
2020-08-16 16:19 - 2020-08-16 16:19 - 000000000 ____D C:\Program Files\NordVPN
2020-08-16 16:19 - 2020-08-05 11:53 - 000036048 _____ (TEFINCOM S.A.) C:\WINDOWS\system32\Drivers\nordlwf.sys
2020-08-16 16:18 - 2020-08-16 16:18 - 000000000 ____D C:\Program Files\NordVPN network TUN
2020-08-16 16:08 - 2020-08-16 16:08 - 019659760 _____ (TEFINCOM S.A. ) C:\Users\Sheldon2\Downloads\NordVPNSetup.exe
2020-08-14 03:30 - 2020-08-14 03:30 - 015486137 _____ C:\Users\Sheldon2\Downloads\Idiots on Parade1.mp4
2020-08-08 19:31 - 2020-08-08 19:31 - 002372743 _____ C:\Users\Sheldon2\Downloads\document(1).pdf
2020-08-04 11:58 - 2020-08-04 11:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-08-03 14:30 - 2020-08-03 14:31 - 002372743 _____ C:\Users\Sheldon2\Downloads\document.pdf
2020-07-30 17:37 - 2020-08-18 11:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-27 04:26 - 2020-07-27 04:26 - 000000893 _____ C:\Users\Sheldon2\Desktop\New Text Document (2).txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-23 18:46 - 2018-05-28 19:46 - 000140929 _____ C:\WINDOWS\ZAM.krnl.trace
2020-08-23 18:46 - 2018-05-28 19:46 - 000113982 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2020-08-23 18:45 - 2018-07-08 15:44 - 000000000 ____D C:\FRST
2020-08-23 18:38 - 2019-08-14 14:56 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AF245FC9-0338-4E77-B13D-0AD230983FB2}
2020-08-23 18:36 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-08-23 18:36 - 2018-07-10 17:45 - 000000000 ____D C:\Users\Sheldon\AppData\Local\Packages
2020-08-23 18:24 - 2019-03-18 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2020-08-23 18:23 - 2019-03-18 21:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-08-23 18:18 - 2018-07-10 17:46 - 000000000 ___RD C:\Users\Sheldon\3D Objects
2020-08-23 18:18 - 2018-05-21 04:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-08-23 18:16 - 2019-10-13 19:07 - 002014208 _____ (Farbar) C:\Users\Sheldon\Desktop\FRST.exe
2020-08-23 17:58 - 2018-08-17 17:49 - 000000000 ____D C:\Users\Sheldon2\AppData\LocalLow\Mozilla
2020-08-23 17:55 - 2019-08-14 14:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-08-23 14:42 - 2019-08-14 14:42 - 000912284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-08-23 14:42 - 2019-03-18 21:44 - 000000000 ____D C:\WINDOWS\INF
2020-08-23 14:40 - 2018-08-24 03:44 - 000000000 ____D C:\Users\Sheldon2\AppData\Local\CrashDumps
2020-08-23 14:40 - 2018-05-21 04:05 - 000000000 ___RD C:\Users\Sheldon2\OneDrive
2020-08-23 14:36 - 2020-02-12 19:12 - 000060232 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-08-23 14:36 - 2019-08-14 04:38 - 000000000 ____D C:\Users\Sheldon2
2020-08-23 14:35 - 2019-08-14 14:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-08-23 13:02 - 2019-10-29 00:00 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-08-22 18:59 - 2020-07-04 12:28 - 000002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-22 18:59 - 2020-07-04 12:28 - 000002229 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-08-22 18:59 - 2020-07-04 12:28 - 000002229 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-08-20 22:44 - 2018-01-02 04:09 - 000000000 ____D C:\Users\Sheldon2\AppData\Roaming\vlc
2020-08-20 03:00 - 2018-01-28 04:48 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2020-08-20 01:39 - 2018-06-27 18:11 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2020-08-19 23:49 - 2018-11-09 00:39 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2020-08-19 23:08 - 2019-08-14 04:38 - 000000000 ____D C:\Users\Sheldon
2020-08-19 22:50 - 2017-12-03 16:59 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-19 22:50 - 2017-12-03 16:59 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-08-19 22:50 - 2017-12-03 16:59 - 000002213 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-08-19 18:16 - 2019-08-14 14:56 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1400774824-2995677026-3893082217-1003
2020-08-19 18:16 - 2019-08-14 04:38 - 000002371 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-19 18:16 - 2018-06-27 18:20 - 000000000 ___RD C:\Users\User\OneDrive
2020-08-19 18:10 - 2018-06-27 18:12 - 000000000 ___RD C:\Users\User\3D Objects
2020-08-19 04:07 - 2019-05-12 00:43 - 000000000 ____D C:\Users\User2\AppData\Roaming\vlc
2020-08-19 02:09 - 2019-08-14 04:38 - 000000000 ____D C:\Users\User2
2020-08-18 19:04 - 2018-05-21 04:00 - 000000000 ___RD C:\Users\Sheldon2\3D Objects
2020-08-18 13:03 - 2019-01-04 04:10 - 000000000 ____D C:\Users\User2\AppData\LocalLow\Mozilla
2020-08-18 11:43 - 2019-07-09 02:41 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-18 11:43 - 2019-07-09 02:41 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-18 11:39 - 2019-07-09 02:41 - 000129056 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2020-08-18 11:39 - 2019-07-09 02:41 - 000017360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-08-18 11:36 - 2019-01-04 04:05 - 000000000 ___RD C:\Users\User2\3D Objects
2020-08-18 11:34 - 2019-08-14 14:27 - 000254944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-08-18 11:33 - 2018-08-17 17:49 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-08-18 11:30 - 2019-03-18 21:35 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\SystemResources
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\system32\setup
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\Provisioning
2020-08-18 11:27 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-08-18 11:27 - 2019-03-18 21:35 - 000000000 ____D C:\WINDOWS\servicing
2020-08-18 07:04 - 2019-03-18 21:35 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-08-17 16:29 - 2019-11-21 22:38 - 000002374 _____ C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-17 16:29 - 2019-08-14 14:56 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1400774824-2995677026-3893082217-1004
2020-08-17 16:28 - 2019-01-04 04:09 - 000000000 ___RD C:\Users\User2\OneDrive
2020-08-12 17:45 - 2020-07-14 06:16 - 004510264 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2020-08-12 17:45 - 2020-06-10 12:36 - 000842296 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerApp.exe
2020-08-12 17:45 - 2020-06-10 12:36 - 000175160 _____ (Adobe) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2020-08-12 17:45 - 2019-08-14 14:56 - 000004596 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-08-12 17:45 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-08-12 17:40 - 2019-08-14 14:56 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1400774824-2995677026-3893082217-1002
2020-08-12 17:40 - 2019-08-14 04:38 - 000002383 _____ C:\Users\Sheldon2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-08 18:53 - 2019-03-18 21:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-08-08 18:49 - 2019-04-17 15:52 - 000000000 ____D C:\Users\Sheldon2\Desktop\New folder (4)
2020-08-04 18:07 - 2018-05-21 01:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-08-04 11:57 - 2018-08-17 17:49 - 000001197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-08-03 17:10 - 2017-12-18 04:19 - 000004834 _____ C:\Users\Sheldon2\Desktop\Games.txt
2020-08-01 01:28 - 2018-07-03 18:43 - 000001617 _____ C:\Users\Sheldon2\Desktop\GameStop Pre-Orders.txt
2020-08-01 01:25 - 2018-01-02 18:38 - 000000000 ____D C:\Users\Sheldon2\Desktop\Pre-Orders
2020-07-29 17:29 - 2020-01-11 09:08 - 000000000 ____D C:\WINDOWS\Minidump
2020-07-29 17:28 - 2019-04-10 21:58 - 000537373 ____N C:\WINDOWS\Minidump\072920-29109-01.dmp

==================== Files in the root of some directories ========

2018-04-01 19:06 - 2018-05-26 03:36 - 000007598 _____ () C:\Users\Sheldon\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-08-2020
Ran by Sheldon (23-08-2020 18:47:24)
Running from C:\Users\Sheldon\Desktop
Microsoft Windows 10 Home Version 1909 18363.1016 (X86) (2019-08-14 19:57:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1400774824-2995677026-3893082217-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1400774824-2995677026-3893082217-503 - Limited - Disabled)
Guest (S-1-5-21-1400774824-2995677026-3893082217-501 - Limited - Disabled)
Sheldon (S-1-5-21-1400774824-2995677026-3893082217-1000 - Administrator - Enabled) => C:\Users\Sheldon
Sheldon2 (S-1-5-21-1400774824-2995677026-3893082217-1002 - Limited - Enabled) => C:\Users\Sheldon2
Susan (S-1-5-21-1400774824-2995677026-3893082217-1001 - Limited - Enabled) => C:\Users\Susan
User (S-1-5-21-1400774824-2995677026-3893082217-1003 - Limited - Enabled) => C:\Users\User
User2 (S-1-5-21-1400774824-2995677026-3893082217-1004 - Limited - Enabled) => C:\Users\User2
WDAGUtilityAccount (S-1-5-21-1400774824-2995677026-3893082217-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{4E97C234-3F6C-4AA9-BFAF-0166F3050A68}) (Version: 4.13.0.3800 - Open Media LLC)
ActivePerl 5.22.4 Build 2205 (HKLM\...\{7415BCA2-54C5-4A89-B7F8-9EB2960510D8}) (Version: 5.22.2205 - ActiveState)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Audacity 2.3.2 (HKLM\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Avira Safe Shopping (HKLM\...\{9158dccb-03a7-493c-b07e-f47b9784425c}) (Version: 1.0.65.2672 - Avira Operations Gmbh & Co. KG)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Golden Trails 2: The Lost Legacy (HKLM\...\BFG-Golden Trails 2 - The Lost Legacy) (Version: - )
Golden Trails 3: The Guardian's Creed (HKLM\...\BFG-Golden Trails 3 - The Guardian's Creed) (Version: - )
Golden Trails: The New Western Rush (HKLM\...\BFG-Golden Trails The New Western Rush) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 84.0.4147.135 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hidden Expedition ®: Amazon (HKLM\...\BFG-Hidden Expedition - Amazon) (Version: - )
Hidden Expedition: Dawn of Prosperity (HKLM\...\BFG-Hidden Expedition - Dawn of Prosperity) (Version: - )
Hidden Expedition: The Pearl of Discord (HKLM\...\BFG-Hidden Expedition - The Pearl of Discord) (Version: - )
Hidden Expedition: The Uncharted Islands Collector's Edition (HKLM\...\BFG-Hidden Expedition - The Uncharted Islands Collector's Edition) (Version: - )
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
KeePass Password Safe 2.42.1 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.42.1 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 84.0.522.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft OneDrive (HKU\S-1-5-21-1400774824-2995677026-3893082217-1000\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1400774824-2995677026-3893082217-1002\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Converter 20 Premium (HKU\S-1-5-21-1400774824-2995677026-3893082217-1002\...\Movavi Video Converter 20 Premium) (Version: 20.1.2 - Movavi)
Mozilla Firefox 79.0 (x86 en-US) (HKLM\...\Mozilla Firefox 79.0 (x86 en-US)) (Version: 79.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0.0.7506 - Mozilla)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.31.13.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
RogueKiller version 14.0.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.4.0 - Adlice Software)
SpyHunter 5 (HKLM\...\SpyHunter5) (Version: 5.8.7.163 - EnigmaSoft Limited)
URL Snooper v2.42.01 (HKLM\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 17.3.1.34 - Verizon)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x86__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x86__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1400774824-2995677026-3893082217-1000_Classes\CLSID\{7fa68a78-26d3-4674-8599-5f3645a6f9a8} -> [Verizon Cloud Sync] => C:\Users\Sheldon\Verizon Cloud Sync0
CustomCLSID: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002_Classes\CLSID\{8816027c-d5cf-4c23-89ab-b01f6d5bed4e}\localserver32 -> "C:\Program Files\TunnelBear\TunnelBear.UI.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1400774824-2995677026-3893082217-1002_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-05-28] (Zemana Ltd. -> )
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.ContextMenus.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.ContextMenus.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.ContextMenus.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-05-28] (Zemana Ltd. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.ContextMenus.dll [2018-02-23] (Synchronoss Software Ireland Ltd. -> Synchronoss Technologies Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2019-03-01 23:12 - 000475945 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

There are 12588 more lines.


2020-05-23 15:59 - 2020-05-23 16:11 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\RogueKiller;
HKU\S-1-5-21-1400774824-2995677026-3893082217-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1400774824-2995677026-3893082217-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 103.86.99.99 - 103.86.96.96
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Local Area Connection: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A2A8EF95-EFEB-49FC-A0B3-DC60D704689B}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D254B1BA-0926-42FE-BDC2-B8CA21FAFA28}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{31AFC47E-FE2E-4A5B-9D0A-E284EF1D121F}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{4B67C0AE-8574-4C5A-A177-5B5EB91C88F7}] => (Allow) C:\Program Files\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{7BDA3ED4-0ACF-4E2D-A520-D43E03E1E344}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F301E287-DD82-4858-BC43-71BFE7ABB620}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{81E652AA-0BEB-4CF8-9883-82EF7E1AB636}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{284156DC-7991-49A4-90D9-63952B0F279B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8157A74A-6D5A-4F76-B4DA-00D2848421CB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{444ABD97-1196-4D94-A918-F3B8DB79A29E}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B00197BB-60DD-4287-8F78-7686CF4AEBEC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{92B839DB-A009-41DD-BFFF-BB0B79344455}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2E717193-C179-4660-9B8C-12C7ABA3AB17}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DC4FF8C8-332A-4B78-BDB8-B3C9BA4B7DC8}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CBD93F90-890C-4201-9574-B4C995C2CE5C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6D22739C-F844-4557-8CE7-CC999D1785F9}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FAB1B92F-06A8-4EF8-8DF9-7BC7FC710A02}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{8946B199-FA4F-4EC0-B38C-3157DF2A3F06}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{89DB3143-022D-4096-B3A8-9779F010CA8B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CD359757-210F-41BC-B996-C31AFD2C92DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90C706D5-2B8D-40AA-A3F3-9924DF8FC1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61E2D7F0-667B-4312-814B-5EFA9F7AFC91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{01EB0C5B-87B2-4CDE-B619-96FC02C1A37F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{34454969-6219-4E42-B778-70A70E585202}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-08-2020 06:19:48 Windows Update

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/23/2020 06:47:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4752,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 06:04:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9656,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 03:59:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4288,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 03:52:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4288,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 03:12:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (612,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 02:49:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3424,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (08/23/2020 02:39:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.420.8043.0, time stamp: 0x5f29c4c2
Faulting module name: ucrtbase.dll, version: 10.0.18362.815, time stamp: 0xbea5fce0
Exception code: 0xc0000409
Fault offset: 0x0009e6eb
Faulting process id: 0xa28
Faulting application start time: 0x01d67984f23434ec
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x86__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 5880e15e-cd40-4ca3-8d31-bdff9a234847
Faulting package full name: Microsoft.XboxGamingOverlay_5.420.8043.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/22/2020 07:11:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10816,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (08/23/2020 06:19:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 06:18:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 06:18:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 06:17:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 05:57:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 05:56:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 05:56:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.

Error: (08/23/2020 05:31:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_594a0 service.


Windows Defender:
===================================
Date: 2020-07-22 19:05:46.961
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {58EDF31C-42D6-41E1-AF6D-37704337507F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-29 07:15:01.085
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CF2A62B4-3D76-4AB1-96E9-537DFC676B50}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-13 18:06:20.662
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {20EE9F57-AA07-44F6-ABC4-4A84FBB22164}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-15 11:12:28.473
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B4510C3D-8805-4E6E-A45C-25637FFEE1DB}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-12-05 09:02:36.540
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {71765A1D-4B34-4D03-9B64-EC48534B1ADB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-22 12:52:55.681
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2051.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2020-07-22 12:52:55.680
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2051.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2020-07-22 12:52:55.680
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2051.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2020-07-04 03:47:37.902
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-07-03 21:26:52.410
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.746.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-08-23 18:41:24.352
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:29.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:29.005
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:27.483
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:27.176
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:27.096
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:23.343
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2020-08-23 18:21:21.121
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard 786H7 v02.02 07/19/2011
Motherboard: Hewlett-Packard 1493
Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 82%
Total physical RAM: 3519.33 MB
Available physical RAM: 626.07 MB
Total Virtual: 10175.33 MB
Available Virtual: 4378.38 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:217.89 GB) (Free:25.85 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:400.4 GB) NTFS

\\?\Volume{412e0444-e420-11e6-88a9-806e6f6e6963}\ (System) (Fixed) (Total:0.34 GB) (Free:0.15 GB) NTFS
\\?\Volume{412e0446-e420-11e6-88a9-806e6f6e6963}\ (Recovery image) (Fixed) (Total:14.65 GB) (Free:12.24 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 4EDE173B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=27)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 97074E1C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
aboynamedsue
Active Member
 
Posts: 1
Joined: August 23rd, 2020, 8:32 pm

Re: PC Freezes Upon Waking

Post by pgmigg » August 24th, 2020, 9:33 pm

Hello aboynamedsue,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: PC Freezes Upon Waking

Post by pgmigg » August 25th, 2020, 12:27 am

Hello aboynamedsue,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me whether this computer is used for business or educational purposes and/or connected to a business or educational network.
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question about how your computer is used

Thanks,
pgmigg


Re: PC Freezes Upon Waking

Post by pgmigg » August 28th, 2020, 9:07 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
