FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.
2019 01
Ran by crim (administrator) on CRIM-SEC (18-01-2019 11:15:14)
Running from C:\Users\crim\Downloads
Loaded Profiles: crim (Available Profiles: defaultuser0 & crim)
Platform: Windows 10 Home Single Language Version 1803 17134.523 (X64) Language:
English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-
recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft
shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Lenovo Group Ltd.) C:\Program
Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Common
Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program
Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundH
ost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files
(x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\DAL\jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-
servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe

[638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
[18389440 2018-10-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files
(x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files
(x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files
(x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink
Corp.)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-25]
(Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-
17] ()
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files
(x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [331344 2015-07-22] (HP Development
Company, L.P.)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\Run: [Chromium] =>
c:\users\crim\appdata\local\chromium\application\chrome.exe [828416 2017-01-21]
(The Chromium Authors)
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\Run: [Simple Sticky Notes] =>
C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [1429952 2018-04-15]
(Simnet Ltd. )
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: D -
"D:\autorun.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {022a798f-c834-
11e8-84dc-58fb849ff9b1} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {077e97cc-ceb3-
11e8-84e3-58fb849ff9b1} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {48ef0fff-bbe8-
11e8-84cf-8e990aa10ab6} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {4e229289-af11-
11e8-84c4-58fb849ff9b1} - "I:\AutoRun.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {550e9da9-78db-
11e8-8480-58fb849ff9b1} - "E:\Setup.exe" /s
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {59c7a31b-9b67-
11e8-84ae-58fb849ff9b1} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\...\MountPoints2: {c66f806c-07a5-
11e8-8410-58fb849ff9b1} - "H:\Setup.exe" /s
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\Control
Panel\Desktop\\SCRNSAVE.EXE -> G:\WHENWE~1.SCR
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-
AFF1-A69D9E530F96}] -> C:\Program Files
(x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13]
(Google Inc.)
IFEO\maintenanceservice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced
SystemCare\AutoReactivator.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk
[2018-08-24]
ShortcutTarget: rvlkl.lnk -> C:\Windows\System32\rvlkl.exe (Logixoft)
Startup: C:\Users\crim\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\HP_c65448bc-e467-4ec7-b4a5-246697f52957.lnk [2019-01-15]
ShortcutTarget: HP_c65448bc-e467-4ec7-b4a5-246697f52957.lnk -> C:\Program Files
(x86)\HP\csiInstaller\c65448bc-e467-4ec7-b4a5-246697f52957\Setup.exe (Hewlett-
Packard)
Startup: C:\Users\crim\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\MEGAsync.lnk [2018-08-04]
ShortcutTarget: MEGAsync.lnk -> C:\Users\crim\AppData\Local\MEGAsync\MEGAsync.exe
(Mega Limited)
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed

or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.10

Tcpip\..\Interfaces\{1a4019c8-792a-48ae-92d1-11902c120e4f}: [DhcpNameServer]
192.168.5.10
Tcpip\..\Interfaces\{550e36c7-6f53-4a0d-9535-23959c5bd817}: [DhcpNameServer]
192.168.43.1
Tcpip\..\Interfaces\{e4141e63-ab13-45d0-8d5e-328ac3d0d709}: [DhcpNameServer]
172.16.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1609226357-2572486139-419568603-1001\Software\Microsoft\Internet
Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1609226357-2572486139-419568603-1001 -> DefaultScope
{E1023BDD-202B-4650-8039-1E10398BCAA4} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program
Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->
C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12]
(Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->
C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2019-01-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-11] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-
2923E76605DA} -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-12]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
[2019-01-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
FireFox:
========
FF DefaultProfile: c4cmaus0.default-1533118937090
FF ProfilePath:
C:\Users\crim\AppData\Roaming\Mozilla\Firefox\Profiles\c4cmaus0.default-
1533118937090 [2019-01-18]
FF Extension: (Avast SafePrice) -
1533118937090\Extensions\sp@avast.com.xpi [2019-01-17]
FF Extension: (Avast Online Security) -
1533118937090\Extensions\wrc@avast.com.xpi [2019-01-17]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program
Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-11] (Oracle
Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program
Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-11] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2018-12-12] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 ->
C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-12-12]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files
(x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\crim\AppData\Local\Google\Chrome\User Data\Default [2019-01-
18]
CHR Extension: (Slides) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-26]
CHR Extension: (Docs) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-26]
CHR Extension: (YouTube) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
CHR Extension: (Avira Password Manager) -
C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2019-01-18]
CHR Extension: (Sheets) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-26]
CHR Extension: (Avira Browser Safety) -
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-01-18]
CHR Extension: (Google Docs Offline) -
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Grammarly for Chrome) -
Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-01-18]
CHR Extension: (Search Manager) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-01-04]
CHR Extension: (Chrome Web Store Payments) -
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (Search Manager) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2019-01-04]
CHR Extension: (Gmail) - C:\Users\crim\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-26]
CHR Extension: (Chrome Media Router) -
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] -
hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] -
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-
1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-
[nahhmpbckpgdidfnmfkfgiflpjijilce] -
CHR HKU\S-1-5-21-1609226357-2572486139-419568603-
[pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] -
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] -
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [9619616 2019-01-02] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824
2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files
(x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not
signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP
Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP
Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files
(x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-08-23] ()
[File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-10-17] (Intel Corporation)
R2 ImControllerService; C:\Program
Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71040 2018-11-16]
(Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program
Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R)
Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security
Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security
Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not
signed]
R2 LiveStorageService; C:\Program
Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe [730160 2016-11-22] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-
05] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.)
[File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.)
[File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit
Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies
Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-
0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-
0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe
[495840 2018-01-26] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
[3833248 2016-04-05] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe" -s
NVDisplay.ContainerLocalSystem -f
"C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program
Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
R3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola
Solutions, Inc.)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-01-18] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung
Electronics Co., Ltd.)
S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31824 2017-05-04] (ELAN
Microelectronic Corp.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-
08-23] (Huawei Technologies Co., Ltd.)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel
Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-06-30]
(REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Huawei
Technologies Co., Ltd.) [File not signed]
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [967696 2018-10-17] (Intel
Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [141848 2018-10-17] (Intel
Corporation)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2015-05-07] (Intel
Corporation)
S3 LEMo602D; C:\WINDOWS\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax
Electronics Ltd.)
S3 LEub602D; C:\WINDOWS\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax
Electronics Ltd.)
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3557864 2018-06-30] (Intel
Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8714872 2019-01-14] (Intel
Corporation)
R3 nvlddmkm;
C:\WINDOWS\System32\DriverStore\FileRepository\nvlei.inf_amd64_d008df16fb086900\nvl
ddmkm.sys [20605496 2018-10-17] (NVIDIA Corporation)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [39936 2015-01-28]
(QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM
Incorporated)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-10-17] (Realtek
)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [430016 2018-10-17] (Realsil
Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [66264 2019-01-14]
(Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung
Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18]
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-06-01]
(The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896
2017-09-13] (The OpenVPN Project)
S3 usbser; C:\Windows\SysWOW64\drivers\usbser.sys [25600 2014-05-13] (Microsoft
Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft
Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11]
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware
Fighter\drivers\win10_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware
Fighter\drivers\win10_amd64\IMFSafeBox.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-18 11:15 - 2019-01-18 11:15 - 000023554 _____

C:\Users\crim\Downloads\FRST.txt
2019-01-18 11:15 - 2019-01-18 11:15 - 000000000 ____D C:\FRST
2019-01-18 11:13 - 2019-01-18 11:13 - 000000836 _____ C:\Users\crim\Desktop\JRT.txt
2019-01-18 11:05 - 2019-01-18 11:07 - 000002222 _____
C:\Users\crim\Desktop\Rkill.txt
2019-01-18 11:04 - 2019-01-18 11:04 - 000000000 ____D C:\ProgramData\rvlkl
2019-01-18 10:59 - 2019-01-18 10:59 - 002427904 _____ (Farbar)
C:\Users\crim\Downloads\FRST64.exe
2019-01-18 10:59 - 2019-01-18 10:59 - 001802704 _____ (Bleeping Computer, LLC)
C:\Users\crim\Downloads\rkill(1).exe
2019-01-18 10:59 - 2019-01-18 10:59 - 001790024 _____ (Malwarebytes)
C:\Users\crim\Downloads\JRT(1).exe
2019-01-18 10:58 - 2019-01-18 10:58 - 007320272 _____ (Malwarebytes)
C:\Users\crim\Downloads\AdwCleaner(1).exe
2019-01-18 09:51 - 2019-01-18 10:26 - 000000000 ____D C:\Users\crim\Desktop\JUSTINE
2019-01-17 14:36 - 2019-01-17 14:36 - 000000000 ____D
C:\Users\crim\AppData\Local\CrashDumps
2019-01-17 14:32 - 2019-01-17 14:33 - 002748061 _____ (Kephyr)
C:\Users\crim\Downloads\freefixersetup.exe
2019-01-17 10:09 - 2019-01-18 10:43 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-01-17 10:09 - 2019-01-17 10:09 - 000000000 ____D
C:\WINDOWS\System32\Tasks\Avast Software
2019-01-17 10:05 - 2019-01-17 10:05 - 000000000 ____D C:\Program Files\Common
Files\AVAST Software
2019-01-17 10:02 - 2019-01-18 10:55 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-17 10:02 - 2019-01-17 10:02 - 000212032 _____ (AVAST Software)
C:\Users\crim\Downloads\avast_free_antivirus_setup_online-1.exe
2019-01-17 09:46 - 2019-01-17 09:47 - 005822312 _____ (Avira Operations GmbH & Co.
KG) C:\Users\crim\Downloads\avira_en_fass0_5c3fdaf2d44c8__ws.exe
2019-01-17 01:08 - 2019-01-17 01:09 - 004263629 _____ C:\Users\crim\Downloads\CMO-
No.-05-s.-2018-PSG-for-BS-Criminology.pdf
2019-01-16 18:44 - 2019-01-16 19:23 - 000000000 ____D
C:\Users\crim\Desktop\SYLLABUS
2019-01-16 18:40 - 2019-01-16 19:46 - 1053179276 _____
C:\Users\crim\Downloads\Bohemian.Rhapsody.2018.720p.DVDScr.x264-MkvZone.me.mkv.mp4
2019-01-16 18:34 - 2019-01-16 18:34 - 000000000 ____D
C:\Users\crim\Downloads\103519-hunter-killer-[English-subtitles.org]
2019-01-16 18:33 - 2019-01-16 18:33 - 000034604 _____
C:\Users\crim\Downloads\103519-hunter-killer-[English-subtitles.org].zip
2019-01-16 18:30 - 2019-01-16 18:30 - 000000000 ____D C:\WINDOWS\LastGood
2019-01-16 18:04 - 2019-01-16 18:35 - 948733326 _____
C:\Users\crim\Downloads\Hunter Killer.2018.720p.WEB-DL.x264.900MB-
MkvZone.me.mkv.mp4
2019-01-15 14:19 - 2019-01-15 17:15 - 092404304 _____
C:\Users\crim\Downloads\LJPro_MFP_M125-126_basic_15309(1).exe
2019-01-15 14:13 - 2019-01-15 14:19 - 092404304 _____
C:\Users\crim\Downloads\LJPro_MFP_M125-126_basic_15309.exe
2019-01-15 09:57 - 2019-01-15 17:20 - 000000000 ____D C:\HP_LaserJet_Pro_MFP_M125-
M126
2019-01-14 21:55 - 2019-01-14 21:55 - 000000000 ____D
C:\Users\Public\Documents\Hewlett-Packard
2019-01-14 21:55 - 2019-01-14 21:55 - 000000000 _____ C:\WINDOWS\HPMProp.INI
2019-01-14 21:53 - 2018-08-20 09:13 - 000531640 _____ (HP Inc.)
C:\WINDOWS\system32\hpcpn220.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000265400 _____ (HP Inc.)
C:\WINDOWS\system32\hpmml220.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000242360 _____ (HP Inc.)
C:\WINDOWS\system32\hpmja220.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000230072 _____ (HP Inc.)
C:\WINDOWS\system32\hpmpm082.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000204472 _____ (HP Inc.)
C:\WINDOWS\system32\hpmtp220.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000178872 _____ (HP Inc.)
C:\WINDOWS\system32\hpcjpm.dll
2019-01-14 21:53 - 2018-08-20 09:13 - 000128184 _____ (HP Inc.)
C:\WINDOWS\system32\hpmpw082.dll
2019-01-14 21:53 - 2018-08-20 09:12 - 000496312 _____ (HP Inc.)
C:\WINDOWS\SysWOW64\hpcc3220.dll
2019-01-14 21:53 - 2018-08-20 09:12 - 000310968 _____ (HP Inc.)
C:\WINDOWS\system32\hpmlm190.dll
2019-01-14 21:53 - 2018-08-20 09:12 - 000195768 _____ (Hewlett-Packard)
C:\WINDOWS\system32\hppdcompio.dll
2019-01-14 21:53 - 2018-08-20 09:12 - 000061624 _____ (Hewlett-Packard)
C:\WINDOWS\system32\FxCompChannel_x64.dll
2019-01-14 21:51 - 2019-01-14 21:53 - 000000000 ____D C:\HP Universal Print Driver
2019-01-14 21:48 - 2019-01-14 21:48 - 000000000 ____D C:\Users\crim\Downloads\PARK-
v1.8.5
2019-01-14 21:09 - 2019-01-15 09:04 - 000002088 _____ C:\Users\Public\Desktop\HP
Print and Scan Doctor.lnk
2019-01-14 20:30 - 2019-01-15 14:04 - 000000000 ____D C:\HP_M125_126_LED_FW_Update
2019-01-14 19:18 - 2015-04-30 07:52 - 001022984 _____ (Hewlett-Packard)
C:\WINDOWS\system32\hpptsplj125126_x64.dll
2019-01-14 19:18 - 2015-04-30 07:52 - 000828936 _____ (Hewlett-Packard)
C:\WINDOWS\SysWOW64\hpptsplj125126.dll
2019-01-14 19:18 - 2015-04-30 07:52 - 000584712 _____ (HP Inc., LP)
C:\WINDOWS\system32\hpwia2_lj125126.dll
2019-01-14 19:16 - 2019-01-14 19:16 - 000000000 ____H
C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2019-01-14 19:16 - 2019-01-14 19:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-01-14 19:16 - 2019-01-14 19:16 - 000000000 ____D C:\Users\crim\Documents\My
Received Files
2019-01-14 19:15 - 2019-01-14 19:15 - 000066264 _____ (Synaptics Incorporated)
C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2019-01-14 19:12 - 2011-05-17 11:31 - 000018944 _____ (Primax Electronics Ltd.)
C:\WINDOWS\system32\Drivers\LEub602D.sys
2019-01-14 19:12 - 2011-04-19 15:20 - 000024064 _____ (Primax Electronics Ltd.)
C:\WINDOWS\system32\Drivers\LEMo602D.SYS
2019-01-14 18:41 - 2019-01-14 18:41 - 000000017 _____
C:\Users\crim\AppData\Local\resmon.resmoncfg
2019-01-14 17:52 - 2019-01-14 17:52 - 000339372 _____
C:\Users\crim\Downloads\397309742-Performance-of-Schools-Crim-Board-Exam.pdf
2019-01-14 17:32 - 2019-01-14 17:32 - 008714872 _____ (Intel Corporation)
C:\WINDOWS\system32\Drivers\Netwtw04.sys
2019-01-14 17:32 - 2019-01-14 17:32 - 000165160 _____
C:\WINDOWS\system32\IntelWifiIhv04.dll
2019-01-14 17:22 - 2019-01-14 17:22 - 139419816 _____
C:\Users\crim\Desktop\ASC_Portable.zip
2019-01-14 16:36 - 2019-01-14 16:58 - 603029100 _____
C:\Users\crim\Downloads\drama_39644.mp4-480.mp4
2019-01-12 15:53 - 2019-01-12 16:40 - 895341226 _____ C:\Users\crim\Downloads\
(autoP%20-%20mp4)%20Unstoppable+Episode+1.mp4
2019-01-12 09:14 - 2019-01-12 09:14 - 044609536 _____
C:\WINDOWS\system32\config\COMPONENTS.iobit
2019-01-12 09:14 - 2019-01-12 09:14 - 008675328 _____
C:\WINDOWS\system32\config\DRIVERS.iobit
2019-01-12 09:08 - 2019-01-16 16:01 - 000000000 ____D
C:\Users\crim\Downloads\archive
2019-01-11 10:54 - 2019-01-16 08:16 - 000000346 _____
C:\WINDOWS\Tasks\HPCeeScheduleForcrim.job
2019-01-11 10:54 - 2019-01-15 10:54 - 000003234 _____
C:\WINDOWS\System32\Tasks\HPCeeScheduleForcrim
2019-01-11 10:15 - 2019-01-11 10:15 - 000000000 ____D
C:\Users\crim\AppData\Roaming\DataWorks
2019-01-11 10:05 - 2019-01-11 10:05 - 000000000 ____D C:\ProgramData\{BE2ACE5C-
32B7-4777-9BDF-ECF87CDAB705}
2019-01-11 09:42 - 2018-09-20 12:12 - 001483576 _____ (Microsoft Corporation)
C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-11 09:23 - 2016-03-25 14:33 - 000128288 _____ (IObit)
C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2019-01-11 09:23 - 2016-03-22 11:02 - 000036824 _____ (IObit)
C:\WINDOWS\system32\SmartDefragBootTime.exe
2019-01-11 09:17 - 2019-01-11 09:17 - 000110968 _____ (Oracle Corporation)
C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-01-11 09:16 - 2019-01-11 09:16 - 001682896 _____ (NVIDIA Corporation)
C:\WINDOWS\system32\nvhdagenco6420103.dll
C:\WINDOWS\system32\Drivers\nvhda64v.sys
C:\WINDOWS\system32\nvhdap64.dll
2019-01-10 17:11 - 2019-01-10 17:11 - 108879872 _____
C:\WINDOWS\system32\config\SOFTWARE.iobit
2019-01-10 17:11 - 2019-01-10 17:11 - 002084864 _____
C:\WINDOWS\system32\config\DEFAULT.iobit
2019-01-10 17:11 - 2019-01-10 17:11 - 000040960 _____
C:\WINDOWS\system32\config\SECURITY.iobit
2019-01-10 17:11 - 2019-01-10 17:11 - 000028672 _____
C:\WINDOWS\system32\config\SAM.iobit
2019-01-10 17:07 - 2019-01-10 17:07 - 000000000 ____D
C:\WINDOWS\Tasks\ImCleanDisabled
2019-01-10 17:07 - 2019-01-10 17:07 - 000000000 ____D C:\ProgramData\{F86B0233-
9A85-4589-8AAF-524CC4F8211B}
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\SysWOW64\ieframe.dll
C:\WINDOWS\system32\hvix64.exe
C:\WINDOWS\system32\hvax64.exe
C:\WINDOWS\system32\hvloader.dll
C:\WINDOWS\system32\combase.dll
C:\WINDOWS\system32\WinTypes.dll
C:\WINDOWS\system32\Drivers\cng.sys
C:\WINDOWS\system32\Drivers\ksecpkg.sys
C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\msxml6.dll
C:\WINDOWS\system32\Drivers\ntfs.sys
C:\WINDOWS\system32\MSVideoDSP.dll
C:\WINDOWS\system32\Drivers\tm.sys
C:\WINDOWS\system32\mshtml.dll
C:\WINDOWS\system32\EdgeContent.dll
C:\WINDOWS\system32\EdgeManager.dll
C:\WINDOWS\system32\Chakradiag.dll
C:\WINDOWS\system32\Chakra.dll
C:\WINDOWS\system32\WebRuntimeManager.dll
C:\WINDOWS\system32\dhcpcore.dll
C:\WINDOWS\system32\lsasrv.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\Windows.Web.dll
C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\edgeIso.dll
C:\WINDOWS\SysWOW64\combase.dll
C:\WINDOWS\SysWOW64\iertutil.dll
C:\WINDOWS\SysWOW64\msxml6.dll
C:\WINDOWS\SysWOW64\Chakra.dll
C:\WINDOWS\SysWOW64\dhcpcore.dll
C:\WINDOWS\SysWOW64\wininet.dll
C:\WINDOWS\SysWOW64\urlmon.dll
C:\WINDOWS\system32\iemigplugin.dll
C:\WINDOWS\system32\windowslivelogin.dll
C:\WINDOWS\system32\wlidcli.dll
C:\WINDOWS\system32\wlidcredprov.dll
C:\WINDOWS\system32\bcastdvruserservice.dll
C:\WINDOWS\SysWOW64\windowslivelogin.dll
C:\WINDOWS\SysWOW64\wlidcli.dll
C:\WINDOWS\SysWOW64\wlidcredprov.dll
C:\WINDOWS\system32\SecConfig.efi
C:\WINDOWS\system32\tcblaunch.exe
C:\WINDOWS\system32\Drivers\hvservice.sys
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
C:\WINDOWS\system32\browserbroker.dll
C:\WINDOWS\system32\browser_broker.exe
C:\WINDOWS\system32\edgehtml.dll
C:\WINDOWS\system32\browserexport.exe
C:\WINDOWS\system32\Drivers\wanarp.sys
C:\WINDOWS\system32\Print.Workflow.Source.dll
C:\WINDOWS\system32\MusNotification.exe
C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
C:\WINDOWS\system32\dssvc.dll
C:\WINDOWS\system32\MSPhotography.dll
C:\WINDOWS\system32\webplatstorageserver.dll
C:\WINDOWS\system32\wlidprov.dll
C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
C:\WINDOWS\system32\wlidsvc.dll
C:\WINDOWS\system32\aadtb.dll
C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
C:\WINDOWS\SysWOW64\WinTypes.dll
C:\WINDOWS\SysWOW64\MSVideoDSP.dll
C:\WINDOWS\SysWOW64\msv1_0.dll
C:\WINDOWS\SysWOW64\edgehtml.dll
C:\WINDOWS\SysWOW64\mshtml.dll
C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
C:\WINDOWS\SysWOW64\MSPhotography.dll
C:\WINDOWS\SysWOW64\wincorlib.dll
C:\WINDOWS\SysWOW64\d2d1.dll
C:\WINDOWS\SysWOW64\EdgeManager.dll
C:\WINDOWS\SysWOW64\edgeIso.dll
C:\WINDOWS\SysWOW64\webplatstorageserver.dll
C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
C:\WINDOWS\SysWOW64\Windows.Web.dll
C:\WINDOWS\SysWOW64\msIso.dll
C:\WINDOWS\SysWOW64\aadtb.dll
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
C:\WINDOWS\SysWOW64\kerberos.dll
C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 09:21 - 2019-01-01 13:23 - 000001310 _____
C:\WINDOWS\system32\tcbres.wim
C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-07 13:44 - 2019-01-07 13:44 - 000026624 _____
C:\Users\crim\Downloads\Enrollment List.xls
2019-01-07 13:30 - 2019-01-07 19:10 - 1977998862 _____
C:\Users\crim\Downloads\W0rld-W2r-Z-2013-1080p-hdp0pc0rns.mp4
2019-01-05 15:50 - 2019-01-05 15:50 - 000000000 ____D
C:\Users\crim\Downloads\traintobusan2016720pblurayx264ytsag-english-101086
2019-01-05 15:47 - 2019-01-05 15:50 - 000000000 ____D
C:\Users\crim\Downloads\91305-train-to-busan-[English-subtitles.org]
2019-01-04 15:39 - 2019-01-12 10:40 - 000000000 ____D C:\WINDOWS\Panther
2019-01-04 15:37 - 2019-01-04 15:38 - 000000000 ____D C:\AdwCleaner
2019-01-03 15:04 - 2019-01-03 15:24 - 642122688 _____ C:\Users\crim\Downloads\
(autoP%20-%20mp4)%20Monstrum+Episode+1.mp4
2019-01-03 14:05 - 2019-01-03 14:57 - 1369425121 _____
C:\Users\crim\Downloads\The.Great.Battle.2018.AsianFall.Com.mp4
2019-01-03 13:43 - 2019-01-03 13:43 - 000000000 ____D
C:\Users\crim\Downloads\100488-rampant-[English-subtitles.org]
2019-01-03 11:19 - 2019-01-03 11:19 - 025239552 _____
C:\Users\crim\Downloads\4kvideodownloader_4.4.11.msi
2018-12-21 15:22 - 2018-12-21 19:26 - 796811453 _____
C:\Users\crim\Downloads\HDPOPCORNS.Johnny-English-Strikes-Again-2018-720p.mp4
2018-12-21 14:15 - 2018-12-21 14:18 - 000283648 _____ C:\Users\crim\Desktop\Midterm
Grading Sheet EVIDENCE.xls
2018-12-20 11:57 - 2018-12-21 14:11 - 000000000 ____D
C:\Users\crim\Desktop\DR.PAGALA
C:\WINDOWS\SysWOW64\msvproc.dll
C:\WINDOWS\system32\ApplyTrustOffline.exe
C:\WINDOWS\system32\winload.efi
C:\WINDOWS\system32\winload.exe
C:\WINDOWS\system32\winresume.efi
C:\WINDOWS\system32\msvproc.dll
C:\WINDOWS\system32\winresume.exe
C:\WINDOWS\SysWOW64\MSVPXENC.dll
C:\WINDOWS\SysWOW64\jscript.dll
C:\WINDOWS\system32\AppXDeploymentServer.dll
C:\WINDOWS\system32\AppXApplicabilityBlob.dll
C:\WINDOWS\system32\d2d1.dll
C:\WINDOWS\system32\MSVPXENC.dll
C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
C:\WINDOWS\system32\Windows.CloudStore.dll
C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
C:\WINDOWS\system32\jscript.dll
2018-12-20 09:11 - 2018-12-20 09:11 - 000310784 _____
C:\Users\crim\Downloads\Grading FINAL C1-1 (1).xls
2018-12-20 09:11 - 2018-12-20 09:11 - 000307712 _____
C:\Users\crim\Downloads\Grading FINAL C1-2 -.xls
2018-12-20 09:10 - 2018-12-20 09:10 - 000310784 _____
C:\Users\crim\Downloads\Grading MIDTERM C1-1.xls
2018-12-20 09:09 - 2018-12-20 09:09 - 000307200 _____
C:\Users\crim\Downloads\Grading MIDTERM C1-2 (2).xls
2018-12-20 09:08 - 2018-12-20 09:08 - 000307200 _____
C:\Users\crim\Downloads\Grading MIDTERM C1-2.xls
2018-12-20 09:08 - 2018-12-20 09:08 - 000307200 _____
C:\Users\crim\Downloads\Grading MIDTERM C1-2 (1).xls
2018-12-20 09:07 - 2018-12-20 09:07 - 000311296 _____
C:\Users\crim\Downloads\Grading PRELIM C1-1.xls
2018-12-20 09:06 - 2018-12-20 09:06 - 000308224 _____
C:\Users\crim\Downloads\Grading PRELIM C1-2 (1).xls
2018-12-20 08:37 - 2018-12-20 08:37 - 000310784 _____
C:\Users\crim\Downloads\Grading FINAL C1-1.xls
2018-12-20 08:31 - 2018-12-20 08:31 - 000308224 _____
C:\Users\crim\Downloads\Grading PRELIM C1-2.xls
2018-12-19 19:47 - 2018-09-25 18:41 - 000305152 _____ C:\Users\crim\Desktop\Grading
Sheet EVIDENCE.xls
2018-12-19 19:41 - 2018-12-19 19:46 - 000000000 ____D C:\Users\crim\Desktop\GRADES
1st sem 18-19
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-18 11:14 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-

06.com.microsoft
2019-01-18 11:09 - 2016-11-08 09:00 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-18 11:07 - 2018-05-26 09:32 - 000838560 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-18 11:07 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-18 11:03 - 2018-05-26 09:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-18 11:02 - 2018-04-12 05:04 - 000524288 _____
C:\WINDOWS\system32\config\BBI
2019-01-18 11:01 - 2018-06-30 09:04 - 000000000 ____D
C:\Users\crim\AppData\LocalLow\IObit
2019-01-18 11:01 - 2018-06-30 09:04 - 000000000 ____D C:\Program Files (x86)\IObit
2019-01-18 11:01 - 2018-06-30 09:03 - 000000000 ____D
C:\Users\crim\AppData\Roaming\IObit
2019-01-18 11:01 - 2018-06-30 09:03 - 000000000 ____D C:\ProgramData\IObit
2019-01-18 10:57 - 2017-10-26 13:38 - 000000000 ____D
C:\Users\crim\AppData\LocalLow\Mozilla
2019-01-18 10:42 - 2018-04-12 07:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-01-18 10:36 - 2018-06-30 09:04 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2019-01-18 10:34 - 2016-11-06 01:25 - 000000000 ___HD C:\Program Files
(x86)\InstallShield Installation Information
2019-01-18 10:34 - 2016-11-06 01:25 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2019-01-18 10:34 - 2016-11-06 01:13 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-01-18 10:27 - 2018-05-26 09:21 - 000000000 ____D C:\Users\defaultuser0
2019-01-18 10:26 - 2018-05-26 09:21 - 000000000 ____D C:\Users\crim
2019-01-18 10:08 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-18 10:06 - 2018-05-26 09:17 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2019-01-18 09:32 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-18 09:28 - 2017-10-26 16:02 - 000000000 ____D C:\Program Files\rempl
2019-01-18 09:25 - 2018-05-26 09:35 - 000004144 _____
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4C853976-5BEC-41FB-B508-
766D74991089}
2019-01-18 09:23 - 2017-11-20 17:41 - 000000863 _____
C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-01-17 18:10 - 2018-01-24 10:02 - 000000000 ____D
C:\Users\crim\Documents\Simple Sticky Notes
2019-01-17 14:35 - 2017-12-18 10:37 - 000000000 ____D
C:\Users\crim\AppData\Local\Packages
2019-01-17 13:01 - 2017-11-22 14:12 - 000000000 ____D C:\Users\crim\Documents\FILES
Sir Mark
2019-01-17 12:45 - 2018-12-03 08:27 - 000000000 ____D
C:\Users\crim\AppData\Roaming\tor
2019-01-17 12:07 - 2017-10-28 17:44 - 000000000 ____D
C:\Users\crim\AppData\Roaming\vlc
2019-01-17 10:01 - 2016-11-06 01:13 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-16 17:20 - 2017-12-18 11:40 - 000000000 ____D
C:\Users\crim\AppData\Local\PlaceholderTileLogoFolder
2019-01-15 14:04 - 2018-05-25 21:45 - 000000000 ____D C:\Program Files (x86)\HP
2019-01-15 13:17 - 2017-11-27 10:25 - 000000000 ____D
C:\Users\crim\AppData\Local\ElevatedDiagnostics
2019-01-15 09:15 - 2017-11-08 10:32 - 000000000 ____D C:\Program Files (x86)\Adobe
Photoshop CC 2015
2019-01-15 09:12 - 2018-06-08 15:40 - 000000000 ____D C:\Users\crim\Desktop\HP
2019-01-15 08:12 - 2018-08-01 18:15 - 000000000 ____D C:\Program Files
(x86)\Mozilla Maintenance Service
2019-01-15 08:12 - 2017-11-22 14:07 - 000000000 ____D C:\Program Files (x86)\WinRAR
2019-01-14 21:47 - 2018-08-01 18:15 - 000001012 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-14 21:47 - 2018-08-01 18:14 - 000000000 ____D C:\Program Files\Mozilla
Firefox
2019-01-14 21:43 - 2018-06-19 13:36 - 004465836 _____
C:\Users\crim\Documents\HPLJM177_Fax_Port
2019-01-14 20:23 - 2017-11-22 14:07 - 000000000 ____D
C:\Users\crim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-14 20:23 - 2017-11-22 14:07 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-14 19:15 - 2016-11-08 09:01 - 000000000 ____D C:\Program Files (x86)\Intel
2019-01-14 17:47 - 2017-10-26 13:42 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-14 17:25 - 2018-05-26 06:55 - 000000000 ____D
C:\HP_Color_LaserJet_Pro_MFP_M177
2019-01-14 17:25 - 2018-04-12 07:38 - 000000000 ___RD C:\Program Files\Windows
Defender
2019-01-14 17:25 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2019-01-14 17:25 - 2016-11-08 09:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA
Corporation
2019-01-14 17:24 - 2018-11-27 18:31 - 000000000 ____D
C:\Users\crim\Desktop\Cybercrime
2019-01-14 17:24 - 2018-11-13 14:05 - 000000000 ____D
C:\Users\crim\Desktop\curriculum
2019-01-14 17:24 - 2018-07-23 14:38 - 000000000 ____D C:\Users\crim\SPFlashToolLog
2019-01-14 17:18 - 2018-11-14 15:22 - 000000000 ____D C:\Users\crim\Desktop\to be
print syllabus
2019-01-14 17:17 - 2018-05-25 21:45 - 000000000 ____D C:\HP_M177_FW_Update
2019-01-12 13:03 - 2018-12-12 14:31 - 000000000 ____D C:\Program Files\Microsoft
Office
2019-01-12 09:16 - 2018-08-04 15:02 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty 4 Modern Warfare
2019-01-11 11:15 - 2018-09-15 17:43 - 000000000 ___HD C:\$WINDOWS.~BT
2019-01-11 11:12 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-11 09:17 - 2018-11-28 14:40 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-11 09:17 - 2018-11-28 14:39 - 000000000 ____D C:\Program Files\Java
2019-01-11 09:16 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-10 17:18 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-10 17:18 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-10 17:10 - 2018-05-26 09:35 - 000002278 _____
C:\WINDOWS\System32\Tasks\PDVDServ14 Task
2019-01-09 09:33 - 2017-10-26 15:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 09:30 - 2017-10-26 15:52 - 132790320 ____C (Microsoft Corporation)
C:\WINDOWS\system32\MRT.exe
2019-01-09 09:17 - 2018-06-11 09:28 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-04 08:41 - 2018-06-09 12:14 - 000000000 ____D C:\Users\crim\Desktop\ojt pnp
2019-01-03 03:41 - 2018-11-15 08:29 - 000835480 _____ (Adobe Systems Incorporated)
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-03 03:41 - 2018-11-15 08:29 - 000179600 _____ (Adobe Systems Incorporated)
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-20 08:14 - 2018-05-26 09:35 - 000003418 _____
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-20 08:14 - 2018-05-26 09:35 - 000003294 _____
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-19 09:12 - 2018-05-26 09:35 - 000003360 _____
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1609226357-
2572486139-419568603-1001
2018-12-19 09:12 - 2018-05-26 09:21 - 000002367 _____
C:\Users\crim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-19 09:12 - 2017-03-25 03:11 - 000000000 ___RD C:\Users\crim\OneDrive
==================== Files in the root of some directories =======
2019-01-14 18:41 - 2019-01-14 18:41 - 000000017 _____ ()

C:\Users\crim\AppData\Local\resmon.resmoncfg
2017-12-09 16:04 - 2017-12-09 16:04 - 000000120 _____ ()
C:\Users\crim\AppData\Local\uts.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

FRST

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FRST

Uploaded by

Copyright:

Available Formats

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed

Tcpip\Parameters: [DhcpNameServer] 192.168.5.10

==================== Services (Whitelisted) ====================

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device

===================== Drivers (Whitelisted) ======================

==================== NetSvcs (Whitelisted) ===================

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 11:15 - 2019-01-18 11:15 - 000023554 _____

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 11:14 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-

==================== Files in the root of some directories =======

2019-01-14 18:41 - 2019-01-14 18:41 - 000000017 _____ ()

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

You might also like