Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by Dee Skelley (administrator) on ORIGINALWIN10 (06-10-2024 12:36:05)
Running from C:\Users\Dee Skelley\Desktop\FRST64.exe
Loaded Profiles: Dee Skelley
Platform: Microsoft Windows 10 Home Version 22H2 19045.4957 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(DriverStore\FileRepository\u0368456.inf_amd64_fc65705fd5034968\B367348\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0368456.inf_amd64_fc65705fd5034968\B367348\atieclxx.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0368456.inf_amd64_fc65705fd5034968\B367348\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.224.9242.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.224.9242.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4950_none_7dd913727cb4d87c\TiWorker.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.419.362.0.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\Run: [MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3795008 2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\129.0.6668.90\Installer\chrmstp.exe [2024-10-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33B7B7C9-3CD0-458A-B401-727EB5B130EF} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ACE7DFD1-1D33-4F06-89BE-1455C4292002} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{46B762EC-BEF6-47D3-B083-AEE0479F82C7} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC -> Google LLC)
Task: {13B69687-8991-4675-9DC6-2416B3C47FA5} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => C:\Windows\system32\clipesu.exe [221680 2024-09-28] (Microsoft Windows -> Microsoft Corporation)
Task: {43490EF6-BA31-4365-8824-CA47C50724FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6123782-DA06-4AF0-A67A-62F3816679CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4B791F1F-2B65-4798-9D29-EF73DB3B6A2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F092F032-6F26-481A-8F30-42D0D38743AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9984DECB-2584-403A-8353-405534E2F6DB} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D6994431-9110-4FFC-8C13-68CA9EFAD27D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-10-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {B48B1455-2B29-4B56-A7E0-85FD4976B0D3} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2958740073-524152327-740456925-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-10-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {961B9945-6131-496B-9D20-0DA62BCD03E8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-10-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {41683C65-1928-4C50-A838-7AB05494EFA0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DBFED809-9F40-4A00-9E4D-CDDB77C93933} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {85438D4E-F8F5-48A8-8BD5-BFBECFDD7D94} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4013240 2024-09-24] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a067245a-213d-47fd-9be3-53a8d9a6aa68}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a067245a-213d-47fd-9be3-53a8d9a6aa68}: [DhcpDomain] hsd1.pa.comcast.net

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-05]
Edge Extension: (Google Docs Offline) - C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-28]

FireFox:
========
FF DefaultProfile: spq8mt6f.default
FF ProfilePath: C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\spq8mt6f.default [2024-10-05]
FF ProfilePath: C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release [2024-10-06]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-10-01]
FF Extension: (Kaspersky Protection) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2024-10-01]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2024-10-02]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2022-05-23]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default [2024-10-05]
CHR Extension: (Dark Mode) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2023-01-06]
CHR Extension: (Return YouTube Dislike) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"MpKsld59bede3" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MpKsld59bede3 => \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8191A1F5-F79A-4815-92B2-058D4B5F787B}\MpKslDrv.sys <==== ATTENTION (Rootkit!/Locked Service)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2022-10-28] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9019096 2024-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-10-05] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [53904 2021-10-31] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [287744 2022-04-17] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [147968 2022-04-17] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [231504 2024-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [201280 2024-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2024-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [189776 2024-10-05] (Malwarebytes Inc. -> Malwarebytes)
R3 RevoProcessDetector; C:\Windows\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602392 2024-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-10-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-10-06 12:42 - 2024-10-06 12:42 - 000000000 ____D C:\Users\Dee Skelley\AppData\LocalLow\IGDump
2024-10-06 12:36 - 2024-10-06 12:37 - 000016207 _____ C:\Users\Dee Skelley\Desktop\FRST.txt
2024-10-05 13:19 - 2024-10-05 13:20 - 000000000 ____D C:\AdwCleaner
2024-10-05 13:18 - 2024-10-05 13:18 - 008790880 _____ (Malwarebytes) C:\Users\Dee Skelley\Desktop\AdwCleaner.exe
2024-10-05 13:14 - 2024-10-05 13:14 - 000001241 _____ C:\Users\Dee Skelley\Desktop\Malwarebytes Scan Report 2024-10-05 122544.txt
2024-10-05 12:24 - 2024-10-05 12:24 - 000189776 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-10-05 12:21 - 2024-10-06 12:39 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Malwarebytes
2024-10-05 12:21 - 2024-10-05 12:21 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-10-05 12:21 - 2024-10-05 12:21 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-10-05 12:19 - 2024-10-05 12:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-10-05 12:19 - 2024-10-05 12:19 - 000000000 ____D C:\Program Files\Malwarebytes
2024-10-05 12:17 - 2024-10-05 12:17 - 002549600 _____ (Malwarebytes) C:\Users\Dee Skelley\Desktop\MBSetup.exe
2024-10-03 18:35 - 2024-10-05 13:23 - 000000000 ____D C:\Users\Dee Skelley\Desktop\OldScans
2024-10-03 18:19 - 2024-10-04 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-10-02 11:36 - 2024-10-02 11:36 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-10-02 11:36 - 2024-10-02 11:36 - 000000000 ____D C:\Windows\system32\Tasks\VS Revo Group
2024-10-02 11:36 - 2024-10-02 11:36 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\VS Revo Group
2024-10-02 11:36 - 2024-10-02 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-10-02 11:36 - 2024-10-02 11:36 - 000000000 ____D C:\Program Files\VS Revo Group
2024-10-02 11:34 - 2024-10-02 11:34 - 011321064 _____ (VS Revo Group ) C:\Users\Dee Skelley\Desktop\revosetup.exe
2024-10-01 15:31 - 2024-10-06 12:36 - 000000000 ____D C:\FRST
2024-10-01 15:29 - 2024-10-01 15:29 - 002397696 _____ (Farbar) C:\Users\Dee Skelley\Desktop\FRST64.exe
2024-09-28 17:48 - 2024-09-28 17:48 - 000000000 ___HD C:\$WinREAgent
2024-09-28 17:10 - 2024-09-28 17:11 - 000000000 ____D C:\Windows\system32\compatrel
2024-09-28 17:10 - 2024-09-28 17:10 - 000000000 ____D C:\Windows\InboxApps
2024-09-28 15:33 - 2024-09-28 15:33 - 000021724 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-09-28 15:29 - 2024-09-28 15:29 - 000021724 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-09-27 12:48 - 2024-09-27 12:48 - 000000000 ____D C:\Windows\system32\o2
2024-09-26 15:15 - 2024-09-26 15:15 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-10-06 12:38 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-10-06 12:35 - 2022-03-05 15:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-10-06 12:32 - 2021-07-08 14:38 - 000840954 _____ C:\Windows\system32\PerfStringBackup.INI
2024-10-06 12:32 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2024-10-05 20:30 - 2021-07-08 17:31 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-10-05 12:20 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-10-05 11:57 - 2021-07-08 17:31 - 000008192 ___SH C:\DumpStack.log.tmp
2024-10-05 11:57 - 2021-07-08 17:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-10-05 11:56 - 2021-07-08 15:00 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-10-05 11:56 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-10-04 19:16 - 2021-07-08 17:31 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-10-04 19:07 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-10-04 19:04 - 2021-07-08 15:05 - 000918944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2024-10-04 18:50 - 2021-11-22 18:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-10-04 18:20 - 2021-07-08 15:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-10-04 18:20 - 2021-07-08 15:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-10-04 18:19 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-10-04 18:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2024-10-03 18:46 - 2021-11-22 18:55 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-10-03 18:46 - 2021-11-22 18:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-10-03 17:43 - 2021-12-30 17:32 - 000000000 ____D C:\Windows\SystemTemp
2024-10-03 17:43 - 2021-07-09 10:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-10-03 17:43 - 2021-07-09 10:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-10-02 16:14 - 2021-07-08 15:36 - 000003464 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-10-02 16:14 - 2021-07-08 15:36 - 000003240 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-10-02 12:23 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley
2024-10-02 11:25 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\ConnectedDevicesPlatform
2024-10-01 15:10 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Packages
2024-10-01 15:08 - 2021-07-22 18:32 - 000000000 ____D C:\Program Files (x86)\Steam
2024-10-01 15:07 - 2022-07-31 21:58 - 000000000 ____D C:\Riot Games
2024-10-01 15:07 - 2022-07-31 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-10-01 15:06 - 2022-07-31 23:21 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2024-10-01 15:03 - 2021-07-22 19:50 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\D3DSCache
2024-09-30 16:49 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2024-09-30 16:49 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2024-09-30 16:42 - 2022-06-26 14:32 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Oculus
2024-09-30 16:36 - 2021-07-22 18:34 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Steam
2024-09-30 16:18 - 2022-05-01 14:51 - 000001898 _____ C:\Users\Dee Skelley\Desktop\Steam.lnk
2024-09-30 16:12 - 2021-07-08 14:58 - 000000000 ____D C:\Users\Dee Skelley\AppData\Roaming\Microsoft\MMC
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lv-LV
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\et-EE
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-09-30 15:59 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-09-30 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-09-30 12:53 - 2021-07-25 03:19 - 000000000 ____D C:\Windows\Minidump
2024-09-30 11:59 - 2021-07-08 17:31 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2024-09-29 04:15 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2024-09-28 17:27 - 2021-07-08 14:49 - 000000000 ____D C:\ProgramData\Packages
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\F12
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Sysprep
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Com
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellComponents
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\schemas
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\IME
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-09-28 17:10 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2024-09-28 15:47 - 2019-12-07 05:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-09-28 15:47 - 2019-12-07 05:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-09-28 15:47 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-09-28 15:47 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-09-28 15:28 - 2021-07-08 17:33 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-09-27 13:14 - 2021-07-08 15:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-09-27 13:14 - 2021-07-08 15:03 - 000000000 ____D C:\Windows\system32\MRT
2024-09-27 13:11 - 2021-07-08 15:03 - 199688632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-09-27 12:29 - 2023-10-19 13:02 - 000000000 ____D C:\Program Files\RUXIM
2024-09-26 15:15 - 2021-07-09 10:30 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2022-05-22 22:23 - 2022-05-22 22:23 - 000007601 _____ () C:\Users\Dee Skelley\AppData\Local\Resmon.ResmonCfg
2023-07-11 15:50 - 2023-07-11 15:50 - 000000000 _____ () C:\Users\Dee Skelley\AppData\Local\{8DBA7834-C4DF-4289-A385-9CA2351BCCD5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================