IN OPPOSITE ORDER BUT OK THANK U
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by Nathan (18-03-2020 23:20:27)
Running from C:\Users\Nathan\Downloads
Windows 7 Ultimate N Service Pack 1 (X64) (2018-10-25 16:04:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1270021460-4183227028-2917954802-500 - Administrator - Disabled)
Guest (S-1-5-21-1270021460-4183227028-2917954802-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1270021460-4183227028-2917954802-1002 - Limited - Enabled)
Nathan (S-1-5-21-1270021460-4183227028-2917954802-1000 - Administrator - Enabled) => C:\Users\Nathan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 80.1.5.112 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Discord (HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.14.49.15 - HP Inc.)
Ignition Casino Poker (HKLM-x32\...\{B63C2764-2878-40D2-A50E-B3BE6D5F122F}_is1) (Version: 4.0 - )
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.3.8497 - TeamViewer)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
XSplit Gamecaster (HKLM-x32\...\{7F0DC866-BE32-4AE8-8242-A1F5753176B8}) (Version: 3.4.1812.0304 - SplitmediaLabs)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2018-10-21 17:47 - 2011-08-09 18:46 - 000443040 _____ (Atheros Communications Inc. -> Atheros) [File not signed] C:\Windows\system32\athihvs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2019-01-06 08:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8D9928F9-C321-4824-AB48-FCB0551865A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{88EC0A08-4605-4907-97FD-3796912CAFC3}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{DADCBC27-FC13-43AF-A692-8B90C8411931}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{92B41091-B82B-4971-AB55-E73D00CF9A9A}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{21925DB8-B724-4F3B-A002-82E09BA0D476}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{DC47CD10-8468-43BF-9466-C6A4E04E2EDC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{6C292E25-9923-4B2D-B85A-A70957C6E699}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F90F108D-A7E4-4467-B420-60E72B530BE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{87344F7F-5DDF-4482-9CA0-A80FF621818D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B3447847-D77A-4FCC-B361-520F08796E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C6A88D84-F206-4CFD-9E33-02E530D86A42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{96F8785E-DFD6-4EFF-8C0D-C57829220266}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
10-03-2020 23:47:28 Device Driver Package Install: TAP-NordVPN Windows Provider V9 Network adapters
11-03-2020 01:01:13 AdwCleaner_BeforeCleaning_11/03/2020_01:01:12
11-03-2020 01:10:41 AdwCleaner_BeforeCleaning_11/03/2020_01:10:31
11-03-2020 01:36:53 Windows Update
11-03-2020 01:57:58 JRT Pre-Junkware Removal
11-03-2020 02:29:19 Checkpoint by HitmanPro
11-03-2020 02:45:16 Windows Update
11-03-2020 03:10:49 Checkpoint by HitmanPro
11-03-2020 14:34:50 Windows Update
11-03-2020 22:41:47 Windows Update
13-03-2020 03:26:33 Removed XSplit Gamecaster
16-03-2020 23:56:10 Installed Windows 7 USB/DVD Download Tool
17-03-2020 02:14:11 Revo Uninstaller's restore point - Google Chrome
18-03-2020 04:57:16 Windows Update
18-03-2020 08:33:36 Removed Windows 7 USB/DVD Download Tool
18-03-2020 09:05:21 Removed HP Support Assistant.
18-03-2020 09:05:54 Removed HP Support Solutions Framework
18-03-2020 09:19:53 Restore Operation
18-03-2020 15:01:08 Removed XSplit Gamecaster
18-03-2020 17:48:07 Windows Update
18-03-2020 17:52:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123
18-03-2020 19:09:42 Restore Operation
==================== Faulty Device Manager Devices ============
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/18/2020 11:09:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 724
Start Time: 01d5fd9b9678cbd2
Termination Time: 20
Application Path: C:\Windows\Explorer.EXE
Report Id: 065f06f2-698f-11ea-a854-74de2b1b95ef
Error: (03/18/2020 11:09:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/18/2020 08:33:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/18/2020 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/18/2020 06:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/18/2020 06:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a28
Start Time: 01d5fd6d99d94b6f
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (03/18/2020 05:42:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
Error: (03/18/2020 05:42:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
System errors:
=============
Error: (03/18/2020 11:07:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (03/18/2020 11:07:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:08:24 PM on 3/18/2020 was unexpected.
Error: (03/18/2020 11:07:22 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (03/18/2020 11:07:22 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (03/18/2020 09:07:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (03/18/2020 09:07:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (03/18/2020 08:58:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (03/18/2020 08:31:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Windows Defender:
===================================
Date: 2020-03-18 20:29:00.397
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
Date: 2020-03-18 10:54:53.385
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
Date: 2020-03-18 06:21:32.305
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2020-03-18 18:19:49.104
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-03-18 18:19:48.979
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-03-18 18:14:46.171
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-03-18 18:14:45.999
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-03-18 18:14:45.827
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-03-18 18:14:45.640
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-03-18 18:09:52.514
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2020-03-18 18:09:52.265
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\JitDriver.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Hewlett-Packard F.45 01/17/2012
Motherboard: Hewlett-Packard 3568
Processor: AMD A6-3420M APU with Radeon HD Graphics
Percentage of memory in use: 87%
Total physical RAM: 3561.41 MB
Available physical RAM: 446.31 MB
Total Virtual: 7120.95 MB
Available Virtual: 3271.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.79 GB) (Free:341.62 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:19.91 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
Drive f: (GSP1RMCNULXFRER_EN_DVD) (CDROM) (Total:2.77 GB) (Free:0 GB) UDF
\\?\Volume{bb21917a-d887-11e8-afaf-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DC9CC033)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== End of Addition.txt =======================
NEXT FILE NEXT FILE .. NEXT FILE
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Nathan (administrator) on NATHANWIN7 (Hewlett-Packard HP Pavilion g7 Notebook PC) (18-03-2020 23:17:35)
Running from C:\Users\Nathan\Downloads
Loaded Profiles: Nathan (Available Profiles: Nathan)
Platform: Windows 7 Ultimate N Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [Discord] => C:\Users\Nathan\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1270021460-4183227028-2917954802-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\80.1.5.112\Installer\chrmstp.exe [2020-03-18] (Brave Software, Inc.) [File not signed]
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk *
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0719FF8D-0A89-4578-8658-61AE239C4AB8} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0E7373C6-4F35-4549-9E6A-927C29626523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {36BB0B6E-1697-452B-9A3D-1F7403E29D7B} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [1624120 2018-05-02] (Piriform Ltd -> Piriform Ltd)
Task: {3E0F3850-DFF6-44E5-A867-6D9170091CD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {48125E50-69C3-45BD-843B-49B59A42135E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {59B1E654-44AB-4647-B60C-3557AA506B57} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6985298E-7D8C-44EF-8A45-DC23C29302CE} - System32\Tasks\HPCeeScheduleForNathan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {6E29A70D-8034-4C0D-90D3-91C1434EF52E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {6FDF364C-0157-4C38-8514-81DE24236994} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {7B3322F9-5CFC-45BB-9E4D-3AB6A87B54FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {966AE572-BDDA-42A1-86C9-873AA86C33D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [62840 2019-11-28] (HP Inc. -> HP Inc.)
Task: {AD91CC59-D672-4FEF-A0A6-887274D4E345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [308088 2020-02-12] (HP Inc. -> HP Inc.)
Task: {B463FBA4-68FD-4542-9940-92B3577FEFE6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-05-04] (HP Inc. -> HP Inc.)
Task: {C17982E4-54A5-40CE-A61A-D0363C25B18D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-09-26] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F7606D2D-496F-4763-B889-7923CE745878} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNathan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{733F7B85-7134-4C5A-A282-4AD8D3640DC2}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{C6AE969C-B2FB-4128-AF00-1686FBD85C2C}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
FireFox:
========
FF DefaultProfile: 4yhwfcfo.default-1569477086153
FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\4yhwfcfo.default-1569477086153 [2020-03-18]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Chrome:
=======
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default [2020-03-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13206544 2020-03-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2768384 2011-08-03] (Atheros Communications, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-18 23:14 - 2020-03-18 23:14 - 002279936 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2020-03-18 21:04 - 2020-03-18 20:49 - 000368056 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-03-18 20:57 - 2020-03-18 21:05 - 000001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-03-18 20:57 - 2020-03-18 21:05 - 000001963 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-03-18 20:57 - 2020-03-18 20:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\AVAST Software
2020-03-18 20:57 - 2020-03-18 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-03-18 20:50 - 2020-03-18 20:50 - 000458584 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1bac43505ba7fd85.tmp
2020-03-18 20:50 - 2020-03-18 20:50 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-03-18 20:50 - 2020-03-18 20:49 - 000848672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw90fca36ac84b4c92.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000316256 _____ (AVAST Software) C:\Windows\system32\Drivers\asw837b09b43a0fc9d2.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000279360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8a8392e12cd5d2bf.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000271120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw81e789a3a91d1461.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000235184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc7f3aa94bddb26ea.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000206608 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3e84a11f540b00b7.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000205576 _____ (AVAST Software) C:\Windows\system32\Drivers\asw42ad984a01e969f9.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000175400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc8e84b0b1d92a552.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000110560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe41b76c404c38f04.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000084056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe2d0e0d32a927203.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000064272 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b4639d26b25bfa2.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000042976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2abe895d3d88bc1.tmp
2020-03-18 20:50 - 2020-03-18 20:49 - 000037864 _____ (AVAST Software) C:\Windows\system32\Drivers\asw18127936e9306c78.tmp
2020-03-18 20:47 - 2020-03-18 20:47 - 000002171 _____ C:\Users\Nathan\Desktop\Discord.lnk
2020-03-18 20:46 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Local\Discord
2020-03-18 20:45 - 2020-03-18 20:45 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-18 20:42 - 2020-03-18 20:45 - 062620472 _____ (Discord Inc.) C:\Users\Nathan\Downloads\DiscordSetup.exe
2020-03-18 20:29 - 2020-03-18 20:29 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_premium_security_setup_online.exe
2020-03-18 19:53 - 2020-03-18 19:57 - 000000000 _____ C:\Windows\system32\last.dump
2020-03-18 18:09 - 2020-03-18 18:09 - 000000000 ____D C:\ProgramData\Driver Support
2020-03-18 17:52 - 2020-03-18 17:52 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-18 17:43 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files (x86)\Driver Support One
2020-03-18 17:22 - 2020-03-18 17:22 - 000000000 ____D C:\$WINDOWS.~LS
2020-03-18 17:16 - 2020-03-18 17:16 - 000000000 ____D C:\$UPGRADE.~OS
2020-03-18 17:15 - 2020-03-18 17:15 - 000000000 ____D C:\$WINDOWS.~BT
2020-03-18 15:20 - 2020-03-18 17:22 - 000000002 _____ C:\$UpgDrv$
2020-03-18 15:17 - 2020-03-18 17:11 - 000002602 _____ C:\Users\Nathan\Desktop\Windows Compatibility Report.htm
2020-03-18 15:07 - 2020-03-18 15:07 - 000000000 ____H C:\Users\Guest\Documents\Default.rdp
2020-03-18 15:04 - 2020-03-18 15:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2020-03-18 15:04 - 2020-03-18 15:04 - 000000000 ____D C:\Users\Guest\AppData\Local\Google
2020-03-18 15:03 - 2020-03-18 19:37 - 000000000 ____D C:\Users\Guest
2020-03-18 15:03 - 2020-03-18 15:03 - 000000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2020-03-18 07:13 - 2020-03-18 07:13 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Gyazo
2020-03-18 07:12 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files (x86)\Gyazo
2020-03-18 05:53 - 2020-03-18 05:55 - 000043259 _____ C:\Users\Nathan\Downloads\MTB.txt
2020-03-17 02:28 - 2020-03-17 02:29 - 076223216 _____ (Lenovo Group Limited ) C:\Users\Nathan\Downloads\8awt16ww.exe
2020-03-17 02:28 - 2020-03-17 02:28 - 000000000 ____D C:\Users\Nathan\AppData\Local\Microsoft Games
2020-03-17 02:11 - 2020-03-17 02:11 - 000000000 ____D C:\Users\Nathan\AppData\Local\HP
2020-03-17 02:09 - 2020-03-17 02:09 - 013274912 _____ (Lenovo Group Limited ) C:\Users\Nathan\Downloads\83wo14ww.exe
2020-03-17 00:06 - 2020-03-17 00:06 - 007432520 _____ (VS Revo Group ) C:\Users\Nathan\Downloads\revosetup (1).exe
2020-03-16 23:59 - 2020-03-18 14:54 - 000000004 _____ C:\Users\Nathan\Documents\CCleanerFoundItems.txt
2020-03-16 23:57 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2020-03-16 23:57 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2020-03-16 23:57 - 2020-03-16 23:57 - 000002529 _____ C:\Users\Nathan\Desktop\Windows 7 USB DVD Download Tool.lnk
2020-03-16 23:55 - 2020-03-18 20:00 - 000001908 _____ C:\Windows\diagwrn.xml
2020-03-16 23:55 - 2020-03-18 20:00 - 000001908 _____ C:\Windows\diagerr.xml
2020-03-16 23:54 - 2020-03-18 19:34 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Greenshot
2020-03-16 23:54 - 2020-03-16 23:54 - 002721168 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2020-03-16 23:54 - 2020-03-16 23:54 - 000000000 ____D C:\Users\Nathan\AppData\Local\Greenshot
2020-03-16 23:31 - 2020-03-18 19:50 - 000000000 ____D C:\Program Files\Greenshot
2020-03-16 23:31 - 2020-03-18 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2020-03-16 23:30 - 2020-03-16 23:30 - 001783200 _____ (Greenshot ) C:\Users\Nathan\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE (1).exe
2020-03-16 23:26 - 2020-03-16 23:30 - 001783200 _____ (Greenshot ) C:\Users\Nathan\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
2020-03-16 22:53 - 2020-03-18 20:03 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-03-16 22:53 - 2020-03-18 20:03 - 000002300 _____ C:\Users\Public\Desktop\Brave.lnk
2020-03-16 22:53 - 2020-03-18 20:03 - 000002300 _____ C:\ProgramData\Desktop\Brave.lnk
2020-03-16 22:53 - 2020-03-18 19:19 - 000000000 ____D C:\Users\Nathan\AppData\Local\BraveSoftware
2020-03-16 22:51 - 2020-03-18 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-03-16 22:51 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files\VS Revo Group
2020-03-16 22:51 - 2020-03-16 22:51 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-03-16 22:51 - 2020-03-16 22:51 - 000000994 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
2020-03-16 22:47 - 2020-03-16 22:47 - 007432520 _____ (VS Revo Group ) C:\Users\Nathan\Downloads\revosetup.exe
2020-03-16 22:47 - 2020-03-16 22:47 - 000003336 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2020-03-16 22:47 - 2020-03-16 22:47 - 000003208 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2020-03-16 22:46 - 2020-03-18 19:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-03-16 22:44 - 2020-03-16 22:44 - 001298328 _____ (BraveSoftware Inc.) C:\Users\Nathan\Downloads\BraveBrowserSetup.exe
2020-03-16 22:33 - 2020-03-16 22:37 - 000000000 ____D C:\Users\Nathan\AppData\Local\TeamViewer
2020-03-16 22:27 - 2020-03-16 22:27 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\TeamViewer
2020-03-16 22:26 - 2020-03-16 22:26 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-03-16 22:26 - 2020-03-16 22:26 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2020-03-16 22:26 - 2020-03-16 22:26 - 000001035 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2020-03-16 22:24 - 2020-03-18 23:08 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-03-16 22:18 - 2020-03-16 22:19 - 026985448 _____ (TeamViewer Germany GmbH) C:\Users\Nathan\Downloads\TeamViewer_Setup.exe
2020-03-16 22:18 - 2020-03-16 22:18 - 000230080 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online.exe
2020-03-15 23:53 - 2020-03-15 23:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Poker Mavens 6
2020-03-15 23:16 - 2020-03-15 23:16 - 000000000 ____D C:\Users\Nathan\AppData\Local\cache
2020-03-15 18:00 - 2020-03-15 18:00 - 000000000 ____D C:\Users\Nathan\AppData\Local\mbam
2020-03-15 16:34 - 2020-03-15 16:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\mbamtray
2020-03-15 04:01 - 2020-03-17 21:16 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\slobs-client
2020-03-15 03:37 - 2020-03-15 03:37 - 000000000 ____D C:\ProgramData\Sophos
2020-03-15 03:27 - 2020-03-15 03:27 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-03-15 03:25 - 2020-03-15 03:25 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-13 20:03 - 2020-03-18 23:10 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\discord
2020-03-13 20:03 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-03-13 20:02 - 2020-03-18 20:47 - 000000000 ____D C:\Users\Nathan\AppData\Local\SquirrelTemp
2020-03-13 03:01 - 2020-03-13 03:01 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\Unconfirmed 346898.crdownload
2020-03-13 02:53 - 2020-03-13 02:53 - 000233080 _____ (AVAST Software) C:\Users\Nathan\Downloads\Unconfirmed 522862.crdownload
2020-03-12 20:24 - 2020-03-12 20:24 - 000000000 ____D C:\RegBackup
2020-03-12 18:28 - 2020-03-18 09:41 - 000000000 ____D C:\Windows\SysWOW64\tron
2020-03-12 18:28 - 2020-03-18 09:41 - 000000000 ____D C:\Windows\SysWOW64\integrity_verification
2020-03-12 18:24 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Downloads\tron
2020-03-12 18:24 - 2020-02-05 12:27 - 000000000 ____D C:\Users\Nathan\Downloads\integrity_verification
2020-03-12 17:48 - 2020-03-12 17:48 - 424800866 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 396016.crdownload
2020-03-12 17:05 - 2020-03-12 17:23 - 626332736 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 108130.crdownload
2020-03-12 04:49 - 2020-03-12 05:04 - 325188194 _____ (Igor Pavlov) C:\Users\Nathan\Downloads\Unconfirmed 707891.crdownload
2020-03-12 04:47 - 2020-03-12 04:47 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-03-12 04:27 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Downloads\ComputerRepairFree
2020-03-12 04:26 - 2020-03-12 04:26 - 000997714 _____ C:\Users\Nathan\Downloads\ComputerRepairFree.zip
2020-03-12 04:02 - 2020-03-16 02:26 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2020-03-12 04:01 - 2020-03-16 02:26 - 000000000 ____D C:\ProgramData\Outbyte
2020-03-12 04:00 - 2020-03-16 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte
2020-03-12 04:00 - 2020-03-16 02:26 - 000000000 ____D C:\Program Files (x86)\Outbyte
2020-03-12 03:35 - 2020-03-18 09:42 - 000000000 ____D C:\Users\Nathan\Desktop\Tor Browser
2020-03-12 03:22 - 2020-03-12 05:04 - 3973250207 _____ C:\Users\Nathan\Downloads\Qubes-R4.0.3-x86_64.iso.crdownload
2020-03-12 02:47 - 2020-03-12 03:29 - 1665965568 _____ C:\Users\Nathan\Downloads\Whonix-XFCE-15.0.0.8.9.ova
2020-03-12 01:26 - 2020-03-12 01:26 - 000370309 _____ C:\Users\Nathan\Downloads\wnetwatcher (1).zip
2020-03-12 01:23 - 2020-03-12 01:23 - 000370309 _____ C:\Users\Nathan\Downloads\wnetwatcher.zip
2020-03-11 22:57 - 2020-03-18 01:15 - 000000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
2020-03-11 14:27 - 2020-03-11 14:27 - 000007614 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2020-03-11 05:00 - 2020-03-13 03:28 - 000000000 ____D C:\Windows\system32\appmgmt
2020-03-11 02:48 - 2020-03-11 02:54 - 000000000 ____D C:\Windows\system32\MRT
2020-03-11 02:35 - 2020-03-13 03:13 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-03-11 02:35 - 2020-03-11 02:35 - 000000000 ____D C:\Users\Nathan\AppData\Local\Zemana
2020-03-11 02:34 - 2020-03-13 03:13 - 000000000 ____D C:\Users\Nathan\AppData\Local\AMSDK
2020-03-11 02:13 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files\HitmanPro
2020-03-11 02:12 - 2020-03-11 02:21 - 000000000 ____D C:\ProgramData\HitmanPro
2020-03-11 02:02 - 2020-03-11 02:02 - 000004575 _____ C:\Users\Nathan\Desktop\JRT.txt
2020-03-11 02:00 - 2020-03-11 02:00 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Nathan\Downloads\c6e90dea-1893-4abe-8e1d-6b2049caadb6.tmp
2020-03-11 01:34 - 2020-03-11 01:34 - 000000000 ____H C:\Users\Nathan\Documents\Default.rdp
2020-03-11 00:58 - 2020-03-11 01:02 - 000008216 _____ C:\Users\Nathan\Downloads\Addition.txt
2020-03-11 00:56 - 2020-03-18 23:19 - 000012397 _____ C:\Users\Nathan\Downloads\FRST.txt
2020-03-11 00:56 - 2020-03-18 23:18 - 000000000 ____D C:\FRST
2020-03-11 00:56 - 2020-03-11 01:02 - 000000000 ____D C:\AdwCleaner
2020-03-11 00:11 - 2020-03-18 04:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-11 00:10 - 2020-03-11 02:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-03-10 23:59 - 2020-03-15 01:13 - 000002128 _____ C:\Users\Nathan\Desktop\Rkill.txt
2020-03-10 23:51 - 2020-03-10 23:51 - 000000000 ____D C:\ProgramData\Caphyon
2020-03-10 23:50 - 2020-03-18 09:42 - 000000000 ____D C:\Program Files (x86)\NordVPN
2020-03-10 23:50 - 2020-03-10 23:51 - 000000000 ____D C:\Users\Nathan\AppData\Local\NordVPN
2020-03-10 23:50 - 2020-03-10 23:50 - 000000000 ____D C:\ProgramData\NordVPN
2020-03-10 23:47 - 2020-03-18 19:34 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2020-03-10 23:27 - 2020-03-18 19:20 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\NordVPN
2020-03-10 23:25 - 2020-03-10 23:26 - 014075160 _____ (NordVPN) C:\Users\Nathan\Downloads\NordVPNSetup.exe
2020-03-10 23:02 - 2020-03-10 23:43 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForNathan.job
2020-03-10 23:02 - 2020-03-10 23:02 - 000003192 _____ C:\Windows\system32\Tasks\HPCeeScheduleForNathan
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-18 23:18 - 2009-07-14 00:50 - 000025184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-18 23:18 - 2009-07-14 00:50 - 000025184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-18 23:07 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-18 20:45 - 2018-10-25 23:02 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-18 19:50 - 2018-10-25 23:02 - 000058688 _____ C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2020-03-18 19:48 - 2018-10-25 12:04 - 000000000 ____D C:\Users\Nathan
2020-03-18 19:37 - 2019-11-21 06:55 - 000000000 ____D C:\Program Files (x86)\Ignition Casino Poker
2020-03-18 19:35 - 2018-10-21 17:47 - 000000000 ____D C:\Windows\system32\nn-NO
2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ____D C:\Program Files\Windows Sidebar
2020-03-18 19:35 - 2009-07-14 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 __RSD C:\Windows\Media
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\servicing
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-03-18 19:35 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-03-18 19:34 - 2019-01-07 13:44 - 000000000 ____D C:\Users\Nathan\AppData\Local\HP_Inc
2020-03-18 19:34 - 2019-01-07 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-03-18 19:34 - 2019-01-07 12:56 - 000000000 ____D C:\Program Files\CCleaner
2020-03-18 19:34 - 2019-01-07 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2020-03-18 19:34 - 2019-01-07 12:47 - 000000000 ____D C:\Program Files (x86)\SplitmediaLabs
2020-03-18 19:34 - 2019-01-02 13:12 - 000000000 ____D C:\Program Files (x86)\GUM9F6.tmp
2020-03-18 19:34 - 2018-10-25 23:10 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-03-18 19:34 - 2018-10-25 22:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-03-18 19:34 - 2018-10-25 22:56 - 000000000 ____D C:\sp55040
2020-03-18 19:34 - 2018-10-21 17:46 - 000000000 ____D C:\Program Files (x86)\Cisco
2020-03-18 19:34 - 2018-10-21 17:46 - 000000000 ____D C:\Program Files (x86)\Atheros
2020-03-18 19:34 - 2018-10-21 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2020-03-18 19:34 - 2018-10-21 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2020-03-18 19:34 - 2018-10-21 17:26 - 000000000 ____D C:\Program Files\Defraggler
2020-03-18 19:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\AppCompat
2020-03-18 19:32 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2020-03-18 19:20 - 2019-01-07 12:44 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\SplitmediaLabs
2020-03-18 19:19 - 2018-10-25 23:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-03-18 19:13 - 2019-01-02 11:50 - 000000000 ____D C:\Program Files (x86)\Google
2020-03-18 14:59 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-03-18 10:52 - 2018-10-25 23:12 - 000000000 ____D C:\Users\Nathan\AppData\Local\Hewlett-Packard
2020-03-18 10:52 - 2018-10-21 17:41 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Hewlett-Packard
2020-03-18 09:29 - 2019-01-02 12:07 - 000000000 ____D C:\Users\Nathan\AppData\Local\Google
2020-03-18 06:08 - 2018-10-25 23:10 - 000000000 ____D C:\Users\Nathan\AppData\Local\AVAST Software
2020-03-17 02:19 - 2018-10-25 22:40 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0B5BC9E5-B145-413C-B7A7-F624C56450E1}
2020-03-17 01:48 - 2009-07-14 00:50 - 000271328 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-16 22:11 - 2018-10-21 17:27 - 000000410 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2020-03-11 22:41 - 2019-11-21 06:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\poker-client-electron-common
2020-03-11 22:03 - 2019-11-21 06:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\ignitioncasino-eu-poker
2020-03-11 02:12 - 2018-10-25 15:56 - 000000000 ____D C:\Windows\Panther
2020-03-10 23:35 - 2018-10-21 17:29 - 000774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-03-10 23:35 - 2009-07-14 01:12 - 000774004 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories ========
2020-03-11 14:27 - 2020-03-11 14:27 - 000007614 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-03-18 15:43
==================== End of FRST.txt ========================
Edited by steveairway, 18 March 2020 - 09:26 PM.