Solved Possible Malware or Virus

mpipis

TS Member
Hello All,

Over the last two weeks I have been getting strange browser chrome redirects at random moments. While I have not had any discoveries after running scans from various programs - I am concerned there is a malware in hiding as the same redirect to a fake windows warning site keeps appearing. Any suggestions or am I just overly paranoid?

Thanks,
Mike
 

Broni

Malware Annihilator
Please, complete all steps listed here: https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

mpipis

TS Member
Having an issue pasting logs to forum. I keep getting the following message;

[SIZE=5]The following error occurred:[/SIZE]
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.

Is there a particular format required?
 

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by M (administrator) on M (25-01-2018 14:00:46)
Running from C:\Users\M\Downloads
Loaded Profiles: M (Available Profiles: M)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\M\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\M\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sutherland Global Services, Inc.) C:\Program Files\Dell\SupportAssistAgent\SRE\SRE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21595.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21595.0_x64__8wekyb3d8bbwe\HxTsr.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8721656 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-10-28] (Intel Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UD.exe [538728 2014-04-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe [86016 2016-02-18] (PFU LIMITED)
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [454144 2016-09-06] (PFU Limited)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Akamai NetSession Interface] => C:\Users\M\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-11] (Valve Corporation)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2017-07-31]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5a5e6b4c-640e-4bcf-90aa-facbf65cdb35}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2810527709-413825500-1257755514-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://paychex.webex.com/client/WBXclient-31.14.3-30/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2810527709-413825500-1257755514-1002: @citrixonline.com/appdetectorplugin -> C:\Users\M\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2810527709-413825500-1257755514-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\M\AppData\Local\Google\Chrome\User Data\Default [2018-01-25]
CHR Extension: (Slides) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Adobe Acrobat) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Sheets) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-20] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-10-09] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe [166504 2014-04-23] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-10-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-09] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-12-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-09] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-04] (BitRaider)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [143568 2013-08-03] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [76432 2013-08-03] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [23040 2014-04-23] (SEIKO EPSON CORPORATION)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2018-01-20] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-25] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation)
R1 MpKsl74352370; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADF57E7A-8D77-4DC6-84DC-39730EE3C458}\MpKsl74352370.sys [58120 2018-01-25] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_96feac2ff3979cc1\nvlddmkm.sys [14249416 2016-10-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-25 14:00 - 2018-01-25 14:01 - 000028400 _____ C:\Users\M\Downloads\FRST.txt
2018-01-25 14:00 - 2018-01-25 14:00 - 000000000 ____D C:\Users\M\Downloads\FRST-OlderVersion
2018-01-25 14:00 - 2018-01-25 14:00 - 000000000 ____D C:\FRST
2018-01-25 13:59 - 2018-01-25 14:00 - 002393088 _____ (Farbar) C:\Users\M\Downloads\FRST64.exe
2018-01-25 12:50 - 2018-01-25 12:50 - 000003088 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest-Retry
2018-01-25 12:48 - 2018-01-25 12:48 - 000947062 _____ C:\Users\M\Documents\Scan0025.pdf
2018-01-24 12:45 - 2018-01-24 12:45 - 000017394 _____ C:\Users\M\Downloads\export (9).xlsx
2018-01-23 20:18 - 2018-01-23 20:18 - 000018734 _____ C:\Users\M\Downloads\sos.update.9557.1.23.18.xlsx
2018-01-23 17:16 - 2018-01-23 17:16 - 001534173 _____ C:\Users\M\Documents\Scan0024.pdf
2018-01-23 16:38 - 2018-01-23 16:38 - 000148883 _____ C:\Users\M\Downloads\Fax_20180116_717227430.pdf
2018-01-23 16:38 - 2018-01-23 16:38 - 000126839 _____ C:\Users\M\Downloads\Fax_20180117_717345992.pdf
2018-01-23 15:10 - 2018-01-23 15:10 - 003076696 _____ C:\Users\M\Downloads\Gilmore Rhonda Multipayer enroll.pdf
2018-01-23 15:09 - 2018-01-23 15:09 - 000510291 _____ C:\Users\M\Downloads\Single ID EFS (1).pdf
2018-01-23 15:08 - 2018-01-23 15:08 - 000010389 _____ C:\Users\M\Downloads\Acceptable Signatures.pdf
2018-01-22 22:46 - 2018-01-22 22:46 - 000018067 _____ C:\Users\M\Downloads\sos.update.9557.1.22.2018.xlsx
2018-01-19 18:33 - 2018-01-25 12:26 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-19 18:33 - 2018-01-20 11:50 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-19 18:33 - 2018-01-20 11:50 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-19 18:33 - 2018-01-20 11:50 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-19 18:33 - 2018-01-19 18:33 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-19 18:33 - 2018-01-19 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-19 18:32 - 2018-01-19 18:32 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-19 18:32 - 2018-01-19 18:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-19 16:06 - 2018-01-19 16:06 - 000000346 _____ C:\Users\M\Downloads\Export (3).CSV
2018-01-19 15:51 - 2018-01-19 15:51 - 000017480 _____ C:\Users\M\Downloads\Export (2).CSV
2018-01-19 15:48 - 2018-01-25 13:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-19 15:47 - 2018-01-19 15:47 - 000000702 _____ C:\Users\M\Downloads\Export (1).CSV
2018-01-19 15:45 - 2018-01-19 15:45 - 000012243 _____ C:\Users\M\Downloads\Export.CSV
2018-01-19 10:39 - 2018-01-25 12:50 - 000003576 _____ C:\WINDOWS\System32\Tasks\Pcd.DriverScan.D54FM
2018-01-18 15:02 - 2018-01-18 15:02 - 000015642 _____ C:\Users\M\Downloads\2018.sos.1.18.2018.ii.xlsx
2018-01-17 16:55 - 2018-01-17 16:55 - 001053120 _____ C:\Users\M\Documents\Scan0023.pdf
2018-01-17 16:46 - 2018-01-17 17:06 - 000087552 _____ C:\Users\M\Downloads\11054596_Check_Reconciliation_Data_Wed_Jan_17_16_45_00_EST_2018.xls
2018-01-17 16:41 - 2018-01-17 16:42 - 000011353 _____ C:\Users\M\Downloads\export (8).xlsx
2018-01-17 16:37 - 2018-01-17 16:37 - 000935626 _____ C:\Users\M\Documents\Scan0022.pdf
2018-01-17 16:33 - 2018-01-17 16:33 - 000069567 _____ C:\Users\M\Documents\Scan0021.pdf
2018-01-17 16:32 - 2018-01-17 16:32 - 001059580 _____ C:\Users\M\Documents\Scan0020.pdf
2018-01-15 15:52 - 2018-01-15 15:52 - 000933730 _____ C:\Users\M\Documents\Scan0019.pdf
2018-01-15 15:51 - 2018-01-15 15:51 - 000866569 _____ C:\Users\M\Documents\Scan0018.pdf
2018-01-15 15:14 - 2018-01-15 15:14 - 000042456 _____ C:\Users\M\Documents\Copy of rep_11054596_PYRJRN_Fri_Jan_12_14_36_41_EST_2018_XLSX_0.xlsx
2018-01-13 02:17 - 2018-01-13 02:17 - 012585192 _____ C:\Users\M\Documents\L0803340.pdf
2018-01-13 01:48 - 2018-01-13 01:48 - 013075476 _____ C:\Users\M\Downloads\L0803340.pdf
2018-01-12 14:38 - 2018-01-12 14:38 - 000023576 _____ C:\Users\M\Downloads\reports_20180112143857.zip
2018-01-12 14:27 - 2018-01-12 14:27 - 003074579 _____ C:\Users\M\Documents\Scan0017.pdf
2018-01-12 13:38 - 2018-01-12 13:38 - 000023606 _____ C:\Users\M\Downloads\reports_20180112133759.zip
2018-01-12 13:04 - 2018-01-12 13:04 - 000229372 _____ C:\Users\M\Downloads\Blank Preview Agreement Health Link HCBS Waiver Program (1).pdf
2018-01-12 09:46 - 2018-01-12 09:46 - 000003494 _____ C:\Users\M\Downloads\reports_20180112094648.zip
2018-01-12 00:51 - 2018-01-12 00:51 - 000023635 _____ C:\Users\M\Downloads\reports_20180112005107.zip
2018-01-11 17:39 - 2018-01-11 17:39 - 000376768 _____ C:\Users\M\Downloads\11054596_Employee_Data_for_Time_Clocks_Thu_Jan_11_17_38_00_EST_2018.xls
2018-01-11 16:38 - 2018-01-11 16:38 - 000075591 _____ C:\Users\M\Downloads\December Service Month Authorization.xlsx
2018-01-11 11:03 - 2018-01-11 11:03 - 000229372 _____ C:\Users\M\Downloads\Blank Preview Agreement Health Link HCBS Waiver Program.pdf
2018-01-11 11:02 - 2018-01-11 11:02 - 000510291 _____ C:\Users\M\Downloads\Single ID EFS.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000061812 _____ C:\Users\M\Downloads\Fax_20171216_715268027.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000060710 _____ C:\Users\M\Downloads\Fax_20171221_715617262.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000056235 _____ C:\Users\M\Downloads\Fax_20171228_715959035.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000051412 _____ C:\Users\M\Downloads\Fax_20180101_716144879.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000033418 _____ C:\Users\M\Downloads\Fax_20171221_715685273.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000026196 _____ C:\Users\M\Downloads\Fax_20171221_715685232.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000094633 _____ C:\Users\M\Downloads\Fax_20171213_715053171.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000078657 _____ C:\Users\M\Downloads\Fax_20171213_714993813.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000061684 _____ C:\Users\M\Downloads\Fax_20171216_715268003.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000044438 _____ C:\Users\M\Downloads\Fax_20171215_715240941.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000194776 _____ C:\Users\M\Downloads\Fax_20171207_714582546.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000133014 _____ C:\Users\M\Downloads\Fax_20171207_714605631.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000098977 _____ C:\Users\M\Downloads\Fax_20171211_714793482.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000086269 _____ C:\Users\M\Downloads\Fax_20171211_714818600.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000083090 _____ C:\Users\M\Downloads\Fax_20171212_714955134.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000052786 _____ C:\Users\M\Downloads\Fax_20171207_714618239.pdf
2018-01-10 15:36 - 2018-01-10 15:36 - 000118118 _____ C:\Users\M\Downloads\Fax_20171207_714555718.pdf
2018-01-10 14:35 - 2018-01-10 14:35 - 000017640 _____ C:\Users\M\Downloads\sos.update.1.10.18.xlsx
2018-01-10 11:38 - 2018-01-10 11:38 - 000003934 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2018-01-10 11:37 - 2018-01-10 11:37 - 000000000 ____D C:\ProgramData\Dell Inc
2018-01-10 11:36 - 2018-01-10 11:37 - 002148634 _____ C:\Users\M\Downloads\010118_JudithWhite_Time_Sheets_WCAA-signedSigned.pdf
2018-01-09 13:41 - 2018-01-09 13:41 - 000914521 _____ C:\Users\M\Documents\Scan0016.pdf
2018-01-09 13:39 - 2018-01-09 13:39 - 000880228 _____ C:\Users\M\Documents\Scan0015.pdf
2018-01-09 13:16 - 2018-01-09 13:16 - 000338313 _____ C:\Users\M\Documents\Scan0014.pdf
2018-01-09 13:09 - 2018-01-09 13:09 - 000164880 _____ C:\Users\M\Downloads\RCP Associates Contract (1).pdf
2018-01-08 14:39 - 2018-01-08 14:39 - 000017539 _____ C:\Users\M\Downloads\2018.SOS.1.18.18.xlsx
2018-01-08 12:35 - 2018-01-08 12:35 - 000154465 _____ C:\Users\M\Downloads\3133688857_180108_716581623.pdf
2018-01-08 12:35 - 2018-01-08 12:35 - 000012493 _____ C:\Users\M\Downloads\3133688857_180108_716581729.pdf
2018-01-08 12:30 - 2018-01-08 12:30 - 000096087 _____ C:\Users\M\Downloads\NA_180108_716581195.pdf
2018-01-08 12:30 - 2018-01-08 12:30 - 000073061 _____ C:\Users\M\Downloads\NA_180108_716580759.pdf
2018-01-05 13:29 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 13:29 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 13:29 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 13:29 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 13:29 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 13:29 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
 

Broni

Malware Annihilator
2018-01-05 13:29 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 13:29 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 13:29 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 13:29 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 13:29 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 13:29 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 13:29 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 13:29 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 13:29 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 13:29 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 13:29 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 13:29 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 13:29 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 13:29 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 13:29 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 13:29 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 13:29 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 13:29 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 13:29 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 13:29 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 13:29 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 13:29 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 13:29 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 13:29 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 13:29 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 13:29 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 13:29 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 13:29 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 13:29 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 13:29 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 13:29 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 13:29 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 13:29 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 13:29 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 13:29 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 13:29 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 13:29 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 13:29 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 13:29 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 13:29 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 13:29 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 13:29 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 13:29 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 13:29 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 13:29 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 13:29 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 13:29 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 13:29 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 13:29 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 13:29 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 13:29 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 13:29 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 13:29 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 13:29 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 13:29 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 13:29 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 13:29 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 13:29 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 13:29 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 13:29 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 13:29 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 13:29 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 13:29 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 13:29 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 13:29 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 13:29 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 13:29 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 13:29 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 13:29 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 13:29 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 13:29 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 13:29 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 13:29 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 13:29 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 13:29 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 13:29 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 13:29 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 13:29 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 13:29 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 13:29 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 13:29 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 13:29 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 13:29 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 13:29 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 13:29 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 13:29 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 13:29 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 13:29 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 13:29 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 13:29 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 13:29 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 13:29 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-05 13:29 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-05 11:19 - 2018-01-05 11:19 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-01-02 15:07 - 2018-01-02 15:07 - 001309498 _____ C:\Users\M\Documents\Scan0013.pdf
2018-01-02 09:20 - 2018-01-02 09:20 - 000026087 _____ C:\Users\M\Downloads\18700711 (1).PDF
2018-01-02 09:18 - 2018-01-02 09:18 - 000026754 _____ C:\Users\M\Downloads\18700711.PDF
2017-12-27 14:34 - 2017-12-27 14:34 - 001440639 _____ C:\Users\M\Documents\Scan0012.pdf
2017-12-27 11:11 - 2017-12-27 11:11 - 000017426 _____ C:\Users\M\Downloads\export-1.xlsx
2017-12-26 17:54 - 2017-12-26 17:54 - 001811725 _____ C:\Users\M\Downloads\121817_JudithWhite_Time_Sheets_WCAA.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-25 13:45 - 2017-12-01 15:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-25 12:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-25 12:31 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-25 12:31 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-24 15:48 - 2017-10-12 15:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-24 15:48 - 2015-10-06 06:34 - 000000000 __SHD C:\Users\M\IntelGraphicsProfiles
2018-01-24 12:49 - 2015-03-20 16:19 - 000000000 ___RD C:\Users\M\Documents\SOS
2018-01-24 12:46 - 2017-12-01 15:47 - 000000000 ____D C:\Users\M\AppData\Local\Packages
2018-01-24 12:23 - 2014-08-24 00:52 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-20 11:50 - 2016-03-18 10:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-20 11:50 - 2016-03-18 10:26 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-19 18:32 - 2016-03-18 10:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-19 18:32 - 2016-03-18 10:26 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-01-19 09:19 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-19 09:19 - 2014-05-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-14 23:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-11 23:14 - 2017-12-01 15:54 - 000977702 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-11 23:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-11 23:10 - 2017-12-01 15:54 - 000000000 ___RD C:\Users\M\3D Objects
2018-01-11 23:10 - 2015-09-10 00:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-11 23:09 - 2017-12-01 15:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-11 23:09 - 2017-12-01 15:44 - 000430728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-11 23:09 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-11 23:09 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-10 11:37 - 2017-12-01 15:51 - 000003340 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2810527709-413825500-1257755514-1002
2018-01-10 11:37 - 2015-10-06 06:37 - 000002390 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 11:37 - 2014-08-24 00:28 - 000000000 __RDO C:\Users\M\OneDrive
2018-01-09 13:15 - 2014-08-29 23:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 13:11 - 2017-10-10 13:23 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 13:11 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 13:11 - 2014-08-29 23:38 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-05 21:13 - 2014-09-22 09:23 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 21:13 - 2014-09-22 09:23 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-05 13:30 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 13:30 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 13:30 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-05 11:19 - 2014-05-25 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-01-02 14:44 - 2014-09-07 12:39 - 000000000 ____D C:\Users\M\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2016-04-20 22:15 - 2016-04-20 22:15 - 063849440 _____ () C:\Users\M\WDMyCloud_win.exe
2016-02-15 10:41 - 2016-02-15 10:42 - 000007601 _____ () C:\Users\M\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-15 13:35

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by M (25-01-2018 14:01:26)
Running from C:\Users\M\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-01 20:52:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2810527709-413825500-1257755514-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2810527709-413825500-1257755514-503 - Limited - Disabled)
Guest (S-1-5-21-2810527709-413825500-1257755514-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2810527709-413825500-1257755514-1004 - Limited - Enabled)
M (S-1-5-21-2810527709-413825500-1257755514-1002 - Administrator - Enabled) => C:\Users\M
WDAGUtilityAccount (S-1-5-21-2810527709-413825500-1257755514-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 373.06 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.70.000 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.7.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18a91b56-a919-4c87-b3bb-2dbcd9b7cc13}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Standard 2013 - en-us (HKLM\...\VisioStdRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.026 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
ScanSnap Manager (HKLM-x32\...\{10849A02-8B94-4943-A0B9-6F198486239A}) (Version: 6.5.61.2.2 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{C3F4BE6A-B798-4B50-99CA-B8B8F17FE56B}) (Version: 6.5.40.4.6 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L61 - PFU)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0046 - ST Microelectronics)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warframe (HKLM-x32\...\{1A5F54E0-339B-481F-95C2-91B9923609D3}) (Version: 1.0.0 - Digital Extremes)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-83A772A7501F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050DC113-2FD9-4063-B3C5-E01D2E040A23} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {0B5F92D2-1E33-4870-B343-6F54500DCBF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {128472C8-01E8-4745-AF9B-A220972F80E3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-18] ()
Task: {1DDF1D73-7E38-4055-9264-B9D0E6FC85DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files (x86)\Microsoft Office\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {1F57C41D-9DAD-433A-80A1-5E2502B8F2CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {246411A5-BCEC-46D7-A74E-D53610D679AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {254D6E1B-6D28-4296-8D73-7D8E9814BFF5} - System32\Tasks\Pcd.DriverScan.D54FM => C:\Users\M\AppData\Roaming\PCDr\Downloads\DriverInstaller.exe [2017-12-04] (PC-Doctor, Inc.)
Task: {275B394B-8551-476C-BC5A-E14C35EC733C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {302508B4-9E73-4BD5-A4CF-E183E988D758} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E192F26-741B-46DD-A21A-AB1203F4E652} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4336FC9C-4E53-4C09-90C1-8CC12733893C} - System32\Tasks\{7CD3CED9-F5DF-4F8F-A193-0829F3240E58} => C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Microsoft\Windows\INetCache\IE\68S8K2QZ\EasyTransferCableWin8.exe -d C:\Users\M\Desktop
Task: {5089A744-DAF6-4977-A76A-1151E3F2444F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-18] ()
Task: {510EC9A4-60FD-4DAB-9A81-2E2A97AB0CA4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {5372F502-EC29-49D1-927D-9303D4BE2C45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {61F163A9-E8EC-46A6-BCFA-3F2083325E09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files (x86)\Microsoft Office\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {681E79AE-85E9-45A9-BC19-C68BD95C41A1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {69360015-F6B5-40EB-A9C6-2C2AA82F06C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {6AC1A6F9-5433-48E8-9F55-A86E8D5190D1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {70C343CC-4693-495F-86A1-D2811C42EAC7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {71071769-43F3-4DAB-B9D6-1B0B551D35F5} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-09] (Realtek Semiconductor)
Task: {71D57222-C942-4ABE-BA14-0E44A0BBD5A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7F0E08E1-8ABA-49CC-9343-80E4E1336291} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {84EA9C8B-C9CF-4EE2-B3FE-EEDB8DBB1FF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {874F7A6B-32A3-45EC-8A56-0D5191B88E8A} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {8AAE042C-4793-474D-9244-A8FABEBDD887} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8B3F833D-CC1F-4B22-94BD-4232D29FE845} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {8B786EF3-D346-4D64-83E5-14D3689457F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8D5B84ED-274F-43BE-BB1D-F909E34AEE40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {957AABF2-154E-46DE-AAC9-4F96140E7FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9B970A95-7817-4BBA-A3D4-94F865B8A5D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A3D19238-0498-472A-82C7-2F32BE9AAFBB} - System32\Tasks\G2MUpdateTask-S-1-5-21-2810527709-413825500-1257755514-1002 => C:\Users\M\AppData\Local\Citrix\GoToMeeting\4542\g2mupdate.exe [2016-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A50116EE-B97F-48D5-A63F-7AECD1D58CCA} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {B1682BBC-F27C-4572-9291-B209267A53DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9C12FA9-24B9-4C46-8A28-8B0A3C2E4DBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C361C936-CE9B-4F59-8206-2BF0AC6EFF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4CD5DF2-E0B6-4076-8295-D9A4046602F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {DDCA1465-5E7B-40FF-97C2-02D01D0E0832} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E588C347-0D5D-465A-8234-D31F1933B489} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E7B9D345-236F-45B6-8B9F-B6BCC5B4CB55} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {F125B8C6-A481-46E2-B3FA-584869A28369} - System32\Tasks\{7BE433A4-F302-4EFB-9E2F-9092480F5249} => C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Temp\Temp1_F5U279-Drivers-Vista-XP-EN.zip\EasyTransferCableWin7.exe <==== ATTENTION
Task: {F84DEBF7-B1C6-4C79-AD88-14824D40353E} - System32\Tasks\G2MUploadTask-S-1-5-21-2810527709-413825500-1257755514-1002 => C:\Users\M\AppData\Local\Citrix\GoToMeeting\4542\g2mupload.exe [2016-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FBB2EF99-1D3F-4EA3-9B12-820A96454BB2} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {FE67BB26-2059-4105-80C1-11340F907344} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2810527709-413825500-1257755514-1002.job => C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2810527709-413825500-1257755514-1002.job => C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 17:17 - 2016-10-05 17:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-19 18:33 - 2018-01-20 11:50 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-19 18:33 - 2018-01-20 11:50 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-12 15:07 - 2016-10-01 14:53 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 000553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-28 00:17 - 2017-02-28 00:17 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-01 18:37 - 2017-12-01 18:37 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 18:37 - 2017-12-01 18:37 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-05 21:13 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 21:13 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-09 13:10 - 2018-01-09 13:10 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-14 09:05 - 2017-12-14 09:05 - 035244544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-12-14 09:05 - 2017-12-14 09:05 - 009220608 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 12:30 - 2017-08-23 12:31 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 14:30 - 2017-09-26 14:30 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-14 09:05 - 2017-12-14 09:05 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2014-05-25 07:36 - 2013-09-11 23:37 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-30 23:50 - 2016-06-14 20:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-07-31 19:38 - 2016-12-13 13:08 - 002016256 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2017-07-31 19:38 - 2016-07-07 12:45 - 001808384 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2017-07-31 19:38 - 2003-03-26 17:46 - 000135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2017-07-31 19:38 - 2010-08-24 15:56 - 000167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2017-07-31 19:38 - 2013-03-12 08:43 - 000888832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2017-06-07 19:32 - 2017-06-07 19:32 - 004463568 _____ () C:\Program Files\Dell\SupportAssistAgent\SRE\DIYConnect.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2810527709-413825500-1257755514-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\M\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "EPSON_UD_START"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEB360F1-6AC9-4946-845B-7FB4A18381A5}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{5A06FBCB-26F3-443B-A01F-9424CDC117D3}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{E6B3B378-6534-46B0-AA3C-48F855B10472}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{FECE9007-66AD-4CE4-B284-373FAD5708E0}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9AEE2725-ADE0-4721-A7AF-6B345C4F02DD}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{A0BCB9C4-A6B2-4044-9EF8-99E36E19C6B4}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{44D255E2-DAB9-4DAA-87A1-75A684C4EEBB}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{A34328B8-09A9-469E-BE81-5E1117F3C58B}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{0FE4F166-A62E-4C5C-8EF7-3C8C07F157C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B332D4D2-53BE-4630-93E4-5EE6C82A6D99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7CC2F7B-B894-44C2-85CD-7A289C3EFC41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A8931E0F-A6B8-4C9C-AD66-6D9640687700}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1A840DFE-3367-4BB0-93A1-8D0A1564B932}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F60253E-C881-405F-BF6B-856B02C57E84}] => (Allow) LPort=1900
FirewallRules: [{BBB3C98E-D8B1-4D04-B81A-140A4BE0482D}] => (Allow) LPort=2869
FirewallRules: [{516C4C89-5F4D-4814-977A-6F86D0A6EB52}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C8859F2C-5C47-4583-A363-EB1870FFFAC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22BD9902-994B-4140-8939-13C9C1A8EAF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D5A4CDC-AE79-4EC3-90C4-50EE2B2FF11C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47946295-7AE7-4AF6-82BA-9A90216DAD5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C7AA615-455F-4162-83E1-3C200D71280C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{193CDF82-C723-4B2A-8CD1-D3A2A2018A8E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{FC8464A5-EE0A-4D95-965F-F866DE54DA01}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{761AFCB4-802C-48EA-B4AB-4008FC70BC43}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DA3355CD-F711-4283-81E5-870BB89017D6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1894B355-F616-4634-8A20-27FCAD0EAED6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{83D6E5F4-0BB6-41D1-A33D-BE7E0EADECB4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{19985E9F-6AF0-4422-8050-08C6CACFE087}C:\users\m\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\m\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{096229C2-ABE9-47E2-A953-54CD326988C8}C:\users\m\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\m\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5635A5F2-3CE4-4D61-AA57-0CD04589090E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{E2640C3F-A7FF-4575-934E-BFC3D87D8403}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{8D644193-3DC8-4A3F-9E66-F7DAC15BF39B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4B19B7A0-8233-4F09-B4C9-8D10A0DF9A9E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{9C0D78C0-BADA-4525-A819-95FECB61F8C2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{10936A9F-C4E6-440A-9550-45ED59BC5B2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0E9F5A07-03B7-4C6C-9BF7-B06A21123042}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F76C0DB-ECA5-479D-8E28-BE5AD79F87B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D041F4B9-3B22-4083-9DCD-759A650AB05A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ADB13BFE-9A93-4145-8CE8-94C14286FEC5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30649D70-5572-436D-9F66-07C9AE36DF0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{A48CEA44-5636-48F0-BE62-660FD5DB2E05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{36165F51-E3F0-4C91-B5E0-96D503ED2DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A451CD9E-C91E-44A8-B056-23B3A0F44F08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

09-01-2018 13:10:45 Windows Update
19-01-2018 10:45:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2018 12:26:58 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/24/2018 03:53:53 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 16

Error: (01/24/2018 03:53:53 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 16

Error: (01/24/2018 03:48:34 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/24/2018 12:51:20 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/24/2018 12:51:20 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/24/2018 11:24:45 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 15

Error: (01/24/2018 11:24:45 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 15

Error: (01/24/2018 11:22:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/24/2018 11:19:25 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.


System errors:
=============
Error: (01/25/2018 01:08:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (01/25/2018 01:06:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/25/2018 12:27:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2018-01-25 13:54:27.576
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:54:27.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:38:58.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:38:58.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:24:26.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:24:26.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:22:02.543
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:22:02.542
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:05:49.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-25 13:05:49.845
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4712HQ CPU @ 2.30GHz
Percentage of memory in use: 24%
Total physical RAM: 16287.05 MB
Available physical RAM: 12367.65 MB
Total Virtual: 18719.05 MB
Available Virtual: 13275.68 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:459.12 GB) (Free:293.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 5DF84E0D)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

mpipis

TS Member
RogueKiller V12.12.1.0 (x64) [Jan 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : M [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/25/2018 19:36:10 (Duration : 00:33:40)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD PM851 mSATA 512GB +++++
--- User ---
[MBR] cac1496660d66b6494ff46f1694bc173
[BSP] d8e92e6c1afe8ac158e36113d307c5bb : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 10260

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/25/18
Scan Time: 8:16 PM
Log File: 9a3b562a-0236-11e8-b8db-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3787
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: M\M

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317251
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-

# AdwCleaner 7.0.7.0 - Logfile created on Fri Jan 26 01:26:22 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\END


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

mpipis

TS Member
Still getting the;

The following error occurred:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.

when I try to copy and paste the text file, I have attached new files below, but am willing to try copy and pasting again if you have any suggestions...
 

Attachments

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by M (administrator) on M (31-01-2018 09:46:38)
Running from C:\Users\M\Downloads
Loaded Profiles: M (Available Profiles: M)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\M\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\M\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8721656 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-10-28] (Intel Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UD.exe [538728 2014-04-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe [86016 2016-02-18] (PFU LIMITED)
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [454144 2016-09-06] (PFU Limited)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Akamai NetSession Interface] => C:\Users\M\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-11] (Valve Corporation)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\RunOnce: [Uninstall 17.3.7131.1115\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\RunOnce: [Uninstall 17.3.7131.1115] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.7131.1115"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2017-07-31]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5a5e6b4c-640e-4bcf-90aa-facbf65cdb35}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2810527709-413825500-1257755514-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://paychex.webex.com/client/WBXclient-31.14.3-30/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-18] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2810527709-413825500-1257755514-1002: @citrixonline.com/appdetectorplugin -> C:\Users\M\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2810527709-413825500-1257755514-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\M\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Adobe Acrobat) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Sheets) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-20] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-10-09] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe [166504 2014-04-23] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-10-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-28] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-09] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-12-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-09] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-04] (BitRaider)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [143568 2013-08-03] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [76432 2013-08-03] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [23040 2014-04-23] (SEIKO EPSON CORPORATION)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-25] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-25] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-25] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-31] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation)
R1 MpKsla099b9fe; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70248895-6863-4F11-9EBA-495ECC8FCE81}\MpKsla099b9fe.sys [58120 2018-01-30] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_96feac2ff3979cc1\nvlddmkm.sys [14249416 2016-10-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 17:54 - 2018-01-29 17:54 - 000019331 _____ C:\Users\M\Downloads\sos.update.9557.1.29.18.xlsx
2018-01-27 00:32 - 2018-01-27 00:32 - 000019548 _____ C:\Users\M\Downloads\sos.update.9557.1.26.18.xlsx
2018-01-26 12:37 - 2018-01-26 12:37 - 000205567 _____ C:\Users\M\Downloads\DOC012618-01262018122950.pdf
2018-01-25 20:29 - 2018-01-25 20:29 - 000001120 _____ C:\Users\M\Documents\AdwCleaner[C0].txt
2018-01-25 20:26 - 2018-01-30 16:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-25 20:20 - 2018-01-25 20:20 - 000001226 _____ C:\Users\M\Documents\Malwarebytes.txt
2018-01-25 20:15 - 2018-01-25 20:15 - 000005906 _____ C:\Users\M\Documents\rk_83D6.tmp.txt
2018-01-25 19:36 - 2018-01-25 19:36 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-25 19:29 - 2018-01-25 20:28 - 000000000 ____D C:\AdwCleaner
2018-01-25 19:29 - 2018-01-25 19:29 - 008206624 _____ (Malwarebytes) C:\Users\M\Downloads\AdwCleaner.exe
2018-01-25 19:28 - 2018-01-25 20:27 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-25 19:28 - 2018-01-25 19:28 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-25 19:28 - 2018-01-25 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-25 19:27 - 2018-01-25 19:27 - 082302320 _____ (Malwarebytes ) C:\Users\M\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3780.exe
2018-01-25 19:25 - 2018-01-25 19:29 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-25 19:25 - 2018-01-25 19:25 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-25 19:25 - 2018-01-25 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-25 19:25 - 2018-01-25 19:25 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-25 19:23 - 2018-01-25 19:23 - 036412224 _____ (Adlice Software ) C:\Users\M\Downloads\RogueKiller_setup_ref3.exe
2018-01-25 18:17 - 2018-01-25 18:17 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-mpipis@sbcglobal.net
2018-01-25 14:47 - 2018-01-25 14:47 - 000048668 _____ C:\Users\M\Documents\Addition.txt
2018-01-25 14:46 - 2018-01-25 14:46 - 000076789 _____ C:\Users\M\Documents\FRST.txt
2018-01-25 14:01 - 2018-01-25 14:01 - 000048665 _____ C:\Users\M\Downloads\Addition.txt
2018-01-25 14:00 - 2018-01-31 09:46 - 000027639 _____ C:\Users\M\Downloads\FRST.txt
2018-01-25 14:00 - 2018-01-31 09:46 - 000000000 ____D C:\FRST
2018-01-25 14:00 - 2018-01-31 09:45 - 000000000 ____D C:\Users\M\Downloads\FRST-OlderVersion
2018-01-25 13:59 - 2018-01-31 09:45 - 002393088 _____ (Farbar) C:\Users\M\Downloads\FRST64.exe
2018-01-25 12:48 - 2018-01-25 12:48 - 000947062 _____ C:\Users\M\Documents\Scan0025.pdf
2018-01-24 12:45 - 2018-01-24 12:45 - 000017394 _____ C:\Users\M\Downloads\export (9).xlsx
2018-01-23 20:18 - 2018-01-23 20:18 - 000018734 _____ C:\Users\M\Downloads\sos.update.9557.1.23.18.xlsx
2018-01-23 17:16 - 2018-01-23 17:16 - 001534173 _____ C:\Users\M\Documents\Scan0024.pdf
2018-01-23 16:38 - 2018-01-23 16:38 - 000148883 _____ C:\Users\M\Downloads\Fax_20180116_717227430.pdf
2018-01-23 16:38 - 2018-01-23 16:38 - 000126839 _____ C:\Users\M\Downloads\Fax_20180117_717345992.pdf
2018-01-23 15:10 - 2018-01-23 15:10 - 003076696 _____ C:\Users\M\Downloads\Gilmore Rhonda Multipayer enroll.pdf
2018-01-23 15:09 - 2018-01-23 15:09 - 000510291 _____ C:\Users\M\Downloads\Single ID EFS (1).pdf
2018-01-23 15:08 - 2018-01-23 15:08 - 000010389 _____ C:\Users\M\Downloads\Acceptable Signatures.pdf
2018-01-22 22:46 - 2018-01-22 22:46 - 000018067 _____ C:\Users\M\Downloads\sos.update.9557.1.22.2018.xlsx
2018-01-19 18:33 - 2018-01-31 09:45 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-19 18:33 - 2018-01-25 20:26 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-19 18:33 - 2018-01-25 19:28 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-19 18:33 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-19 18:32 - 2018-01-19 18:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-19 16:06 - 2018-01-19 16:06 - 000000346 _____ C:\Users\M\Downloads\Export (3).CSV
2018-01-19 15:51 - 2018-01-19 15:51 - 000017480 _____ C:\Users\M\Downloads\Export (2).CSV
2018-01-19 15:47 - 2018-01-19 15:47 - 000000702 _____ C:\Users\M\Downloads\Export (1).CSV
2018-01-19 15:45 - 2018-01-19 15:45 - 000012243 _____ C:\Users\M\Downloads\Export.CSV
2018-01-18 15:02 - 2018-01-18 15:02 - 000015642 _____ C:\Users\M\Downloads\2018.sos.1.18.2018.ii.xlsx
2018-01-17 16:55 - 2018-01-17 16:55 - 001053120 _____ C:\Users\M\Documents\Scan0023.pdf
2018-01-17 16:46 - 2018-01-17 17:06 - 000087552 _____ C:\Users\M\Downloads\11054596_Check_Reconciliation_Data_Wed_Jan_17_16_45_00_EST_2018.xls
2018-01-17 16:41 - 2018-01-17 16:42 - 000011353 _____ C:\Users\M\Downloads\export (8).xlsx
2018-01-17 16:37 - 2018-01-17 16:37 - 000935626 _____ C:\Users\M\Documents\Scan0022.pdf
2018-01-17 16:33 - 2018-01-17 16:33 - 000069567 _____ C:\Users\M\Documents\Scan0021.pdf
2018-01-17 16:32 - 2018-01-17 16:32 - 001059580 _____ C:\Users\M\Documents\Scan0020.pdf
2018-01-15 15:52 - 2018-01-15 15:52 - 000933730 _____ C:\Users\M\Documents\Scan0019.pdf
2018-01-15 15:51 - 2018-01-15 15:51 - 000866569 _____ C:\Users\M\Documents\Scan0018.pdf
2018-01-15 15:14 - 2018-01-15 15:14 - 000042456 _____ C:\Users\M\Documents\Copy of rep_11054596_PYRJRN_Fri_Jan_12_14_36_41_EST_2018_XLSX_0.xlsx
2018-01-13 02:17 - 2018-01-13 02:17 - 012585192 _____ C:\Users\M\Documents\L0803340.pdf
2018-01-13 01:48 - 2018-01-13 01:48 - 013075476 _____ C:\Users\M\Downloads\L0803340.pdf
2018-01-12 14:38 - 2018-01-12 14:38 - 000023576 _____ C:\Users\M\Downloads\reports_20180112143857.zip
2018-01-12 14:27 - 2018-01-12 14:27 - 003074579 _____ C:\Users\M\Documents\Scan0017.pdf
2018-01-12 13:38 - 2018-01-12 13:38 - 000023606 _____ C:\Users\M\Downloads\reports_20180112133759.zip
2018-01-12 13:04 - 2018-01-12 13:04 - 000229372 _____ C:\Users\M\Downloads\Blank Preview Agreement Health Link HCBS Waiver Program (1).pdf
2018-01-12 09:46 - 2018-01-12 09:46 - 000003494 _____ C:\Users\M\Downloads\reports_20180112094648.zip
2018-01-12 00:51 - 2018-01-12 00:51 - 000023635 _____ C:\Users\M\Downloads\reports_20180112005107.zip
2018-01-11 17:39 - 2018-01-11 17:39 - 000376768 _____ C:\Users\M\Downloads\11054596_Employee_Data_for_Time_Clocks_Thu_Jan_11_17_38_00_EST_2018.xls
2018-01-11 16:38 - 2018-01-11 16:38 - 000075591 _____ C:\Users\M\Downloads\December Service Month Authorization.xlsx
2018-01-11 11:03 - 2018-01-11 11:03 - 000229372 _____ C:\Users\M\Downloads\Blank Preview Agreement Health Link HCBS Waiver Program.pdf
2018-01-11 11:02 - 2018-01-11 11:02 - 000510291 _____ C:\Users\M\Downloads\Single ID EFS.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000061812 _____ C:\Users\M\Downloads\Fax_20171216_715268027.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000060710 _____ C:\Users\M\Downloads\Fax_20171221_715617262.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000056235 _____ C:\Users\M\Downloads\Fax_20171228_715959035.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000051412 _____ C:\Users\M\Downloads\Fax_20180101_716144879.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000033418 _____ C:\Users\M\Downloads\Fax_20171221_715685273.pdf
2018-01-10 15:39 - 2018-01-10 15:39 - 000026196 _____ C:\Users\M\Downloads\Fax_20171221_715685232.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000094633 _____ C:\Users\M\Downloads\Fax_20171213_715053171.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000078657 _____ C:\Users\M\Downloads\Fax_20171213_714993813.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000061684 _____ C:\Users\M\Downloads\Fax_20171216_715268003.pdf
2018-01-10 15:38 - 2018-01-10 15:38 - 000044438 _____ C:\Users\M\Downloads\Fax_20171215_715240941.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000194776 _____ C:\Users\M\Downloads\Fax_20171207_714582546.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000133014 _____ C:\Users\M\Downloads\Fax_20171207_714605631.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000098977 _____ C:\Users\M\Downloads\Fax_20171211_714793482.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000086269 _____ C:\Users\M\Downloads\Fax_20171211_714818600.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000083090 _____ C:\Users\M\Downloads\Fax_20171212_714955134.pdf
2018-01-10 15:37 - 2018-01-10 15:37 - 000052786 _____ C:\Users\M\Downloads\Fax_20171207_714618239.pdf
2018-01-10 15:36 - 2018-01-10 15:36 - 000118118 _____ C:\Users\M\Downloads\Fax_20171207_714555718.pdf
2018-01-10 14:35 - 2018-01-10 14:35 - 000017640 _____ C:\Users\M\Downloads\sos.update.1.10.18.xlsx
2018-01-10 11:38 - 2018-01-10 11:38 - 000003934 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2018-01-10 11:37 - 2018-01-10 11:37 - 000000000 ____D C:\ProgramData\Dell Inc
2018-01-10 11:36 - 2018-01-10 11:37 - 002148634 _____ C:\Users\M\Downloads\010118_JudithWhite_Time_Sheets_WCAA-signedSigned.pdf
2018-01-09 13:41 - 2018-01-09 13:41 - 000914521 _____ C:\Users\M\Documents\Scan0016.pdf
2018-01-09 13:39 - 2018-01-09 13:39 - 000880228 _____ C:\Users\M\Documents\Scan0015.pdf
2018-01-09 13:16 - 2018-01-09 13:16 - 000338313 _____ C:\Users\M\Documents\Scan0014.pdf
2018-01-09 13:09 - 2018-01-09 13:09 - 000164880 _____ C:\Users\M\Downloads\RCP Associates Contract (1).pdf
2018-01-08 14:39 - 2018-01-08 14:39 - 000017539 _____ C:\Users\M\Downloads\2018.SOS.1.18.18.xlsx
2018-01-08 12:35 - 2018-01-08 12:35 - 000154465 _____ C:\Users\M\Downloads\3133688857_180108_716581623.pdf
2018-01-08 12:35 - 2018-01-08 12:35 - 000012493 _____ C:\Users\M\Downloads\3133688857_180108_716581729.pdf
2018-01-08 12:30 - 2018-01-08 12:30 - 000096087 _____ C:\Users\M\Downloads\NA_180108_716581195.pdf
2018-01-08 12:30 - 2018-01-08 12:30 - 000073061 _____ C:\Users\M\Downloads\NA_180108_716580759.pdf
2018-01-05 13:29 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 13:29 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 13:29 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 13:29 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 13:29 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 13:29 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 13:29 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 13:29 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 13:29 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 13:29 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 13:29 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 13:29 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 13:29 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 13:29 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 13:29 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 13:29 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 13:29 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 13:29 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 13:29 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
 

Broni

Malware Annihilator
2018-01-05 13:29 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 13:29 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 13:29 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 13:29 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 13:29 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 13:29 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 13:29 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 13:29 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 13:29 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 13:29 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 13:29 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 13:29 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 13:29 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 13:29 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 13:29 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 13:29 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 13:29 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 13:29 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 13:29 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 13:29 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 13:29 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 13:29 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 13:29 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 13:29 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 13:29 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 13:29 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 13:29 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 13:29 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 13:29 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 13:29 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 13:29 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 13:29 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 13:29 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 13:29 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 13:29 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 13:29 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 13:29 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 13:29 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 13:29 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 13:29 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 13:29 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 13:29 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 13:29 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 13:29 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 13:29 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 13:29 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 13:29 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 13:29 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 13:29 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 13:29 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 13:29 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 13:29 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 13:29 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 13:29 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 13:29 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 13:29 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 13:29 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 13:29 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 13:29 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 13:29 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 13:29 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 13:29 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 13:29 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 13:29 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 13:29 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 13:29 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 13:29 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 13:29 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 13:29 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 13:29 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 13:29 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 13:29 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 13:29 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 13:29 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 13:29 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 13:29 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 13:29 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 13:29 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 13:29 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 13:29 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 13:29 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 13:29 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 13:29 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 13:29 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 13:29 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 13:29 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 13:29 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 13:29 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 13:29 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 13:29 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 13:29 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 13:29 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 13:29 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 13:29 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 13:29 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 13:29 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 13:29 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 13:29 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 13:29 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 13:29 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 13:29 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 13:29 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 13:29 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-05 13:29 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 13:29 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-05 11:19 - 2018-01-05 11:19 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-01-02 15:07 - 2018-01-02 15:07 - 001309498 _____ C:\Users\M\Documents\Scan0013.pdf
2018-01-02 09:20 - 2018-01-02 09:20 - 000026087 _____ C:\Users\M\Downloads\18700711 (1).PDF
2018-01-02 09:18 - 2018-01-02 09:18 - 000026754 _____ C:\Users\M\Downloads\18700711.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 09:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-31 09:43 - 2017-12-01 15:51 - 000003340 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2810527709-413825500-1257755514-1002
2018-01-31 09:43 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-31 09:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-31 09:43 - 2015-10-06 06:37 - 000002390 _____ C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 09:43 - 2014-08-24 00:28 - 000000000 __RDO C:\Users\M\OneDrive
2018-01-31 09:39 - 2017-10-12 15:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-31 09:39 - 2015-10-06 06:34 - 000000000 __SHD C:\Users\M\IntelGraphicsProfiles
2018-01-30 17:37 - 2015-03-20 16:19 - 000000000 ___RD C:\Users\M\Documents\SOS
2018-01-30 16:40 - 2017-12-01 15:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-29 17:55 - 2017-12-01 15:47 - 000000000 ____D C:\Users\M\AppData\Local\Packages
2018-01-25 20:33 - 2017-12-01 15:54 - 001008114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-25 20:26 - 2017-12-01 15:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-25 20:26 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-25 20:26 - 2016-03-18 10:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-25 20:08 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-25 19:28 - 2016-03-18 10:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-24 12:23 - 2014-08-24 00:52 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-19 18:32 - 2016-03-18 10:26 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-01-19 09:19 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-19 09:19 - 2014-05-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-14 23:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-11 23:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-11 23:10 - 2017-12-01 15:54 - 000000000 ___RD C:\Users\M\3D Objects
2018-01-11 23:10 - 2015-09-10 00:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-11 23:09 - 2017-12-01 15:44 - 000430728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-11 23:09 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-09 13:15 - 2014-08-29 23:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 13:11 - 2017-10-10 13:23 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 13:11 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 13:11 - 2014-08-29 23:38 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-05 21:13 - 2014-09-22 09:23 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 21:13 - 2014-09-22 09:23 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-05 13:30 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 13:30 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 13:30 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-05 11:19 - 2014-05-25 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-01-02 14:44 - 2014-09-07 12:39 - 000000000 ____D C:\Users\M\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2016-04-20 22:15 - 2016-04-20 22:15 - 063849440 _____ () C:\Users\M\WDMyCloud_win.exe
2016-02-15 10:41 - 2016-02-15 10:42 - 000007601 _____ () C:\Users\M\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-01-25 19:25 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\M\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-26 12:31

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by M (31-01-2018 09:47:18)
Running from C:\Users\M\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-01 20:52:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2810527709-413825500-1257755514-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2810527709-413825500-1257755514-503 - Limited - Disabled)
Guest (S-1-5-21-2810527709-413825500-1257755514-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2810527709-413825500-1257755514-1004 - Limited - Enabled)
M (S-1-5-21-2810527709-413825500-1257755514-1002 - Administrator - Enabled) => C:\Users\M
WDAGUtilityAccount (S-1-5-21-2810527709-413825500-1257755514-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 373.06 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.70.000 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.7.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18a91b56-a919-4c87-b3bb-2dbcd9b7cc13}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Standard 2013 - en-us (HKLM\...\VisioStdRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.026 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.1.0 - Adlice Software)
ScanSnap Manager (HKLM-x32\...\{10849A02-8B94-4943-A0B9-6F198486239A}) (Version: 6.5.61.2.2 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{C3F4BE6A-B798-4B50-99CA-B8B8F17FE56B}) (Version: 6.5.40.4.6 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L61 - PFU)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0046 - ST Microelectronics)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warframe (HKLM-x32\...\{1A5F54E0-339B-481F-95C2-91B9923609D3}) (Version: 1.0.0 - Digital Extremes)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-83A772A7501F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050DC113-2FD9-4063-B3C5-E01D2E040A23} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {0B5F92D2-1E33-4870-B343-6F54500DCBF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {128472C8-01E8-4745-AF9B-A220972F80E3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-18] ()
Task: {17FAB83A-A00D-48B9-A213-5BFF279AA476} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-mpipis@sbcglobal.net => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {1DDF1D73-7E38-4055-9264-B9D0E6FC85DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files (x86)\Microsoft Office\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {1F57C41D-9DAD-433A-80A1-5E2502B8F2CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {246411A5-BCEC-46D7-A74E-D53610D679AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {275B394B-8551-476C-BC5A-E14C35EC733C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {302508B4-9E73-4BD5-A4CF-E183E988D758} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E192F26-741B-46DD-A21A-AB1203F4E652} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4336FC9C-4E53-4C09-90C1-8CC12733893C} - System32\Tasks\{7CD3CED9-F5DF-4F8F-A193-0829F3240E58} => C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Microsoft\Windows\INetCache\IE\68S8K2QZ\EasyTransferCableWin8.exe -d C:\Users\M\Desktop
Task: {5089A744-DAF6-4977-A76A-1151E3F2444F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-18] ()
Task: {510EC9A4-60FD-4DAB-9A81-2E2A97AB0CA4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {5372F502-EC29-49D1-927D-9303D4BE2C45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {61F163A9-E8EC-46A6-BCFA-3F2083325E09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files (x86)\Microsoft Office\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {681E79AE-85E9-45A9-BC19-C68BD95C41A1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {69360015-F6B5-40EB-A9C6-2C2AA82F06C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {6AC1A6F9-5433-48E8-9F55-A86E8D5190D1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {70C343CC-4693-495F-86A1-D2811C42EAC7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {71071769-43F3-4DAB-B9D6-1B0B551D35F5} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-09] (Realtek Semiconductor)
Task: {71D57222-C942-4ABE-BA14-0E44A0BBD5A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7F0E08E1-8ABA-49CC-9343-80E4E1336291} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {84EA9C8B-C9CF-4EE2-B3FE-EEDB8DBB1FF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8AAE042C-4793-474D-9244-A8FABEBDD887} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8B3F833D-CC1F-4B22-94BD-4232D29FE845} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {8B786EF3-D346-4D64-83E5-14D3689457F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8D5B84ED-274F-43BE-BB1D-F909E34AEE40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {957AABF2-154E-46DE-AAC9-4F96140E7FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9B970A95-7817-4BBA-A3D4-94F865B8A5D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A3D19238-0498-472A-82C7-2F32BE9AAFBB} - System32\Tasks\G2MUpdateTask-S-1-5-21-2810527709-413825500-1257755514-1002 => C:\Users\M\AppData\Local\Citrix\GoToMeeting\4542\g2mupdate.exe [2016-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A50116EE-B97F-48D5-A63F-7AECD1D58CCA} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {B1682BBC-F27C-4572-9291-B209267A53DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9C12FA9-24B9-4C46-8A28-8B0A3C2E4DBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C361C936-CE9B-4F59-8206-2BF0AC6EFF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4CD5DF2-E0B6-4076-8295-D9A4046602F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {DDCA1465-5E7B-40FF-97C2-02D01D0E0832} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E588C347-0D5D-465A-8234-D31F1933B489} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E7B9D345-236F-45B6-8B9F-B6BCC5B4CB55} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {F125B8C6-A481-46E2-B3FA-584869A28369} - System32\Tasks\{7BE433A4-F302-4EFB-9E2F-9092480F5249} => C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Temp\Temp1_F5U279-Drivers-Vista-XP-EN.zip\EasyTransferCableWin7.exe <==== ATTENTION
Task: {F84DEBF7-B1C6-4C79-AD88-14824D40353E} - System32\Tasks\G2MUploadTask-S-1-5-21-2810527709-413825500-1257755514-1002 => C:\Users\M\AppData\Local\Citrix\GoToMeeting\4542\g2mupload.exe [2016-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FBB2EF99-1D3F-4EA3-9B12-820A96454BB2} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {FE67BB26-2059-4105-80C1-11340F907344} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2810527709-413825500-1257755514-1002.job => C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2810527709-413825500-1257755514-1002.job => C:\Users\M\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 17:17 - 2016-10-05 17:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-19 18:33 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-19 18:33 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-12 15:07 - 2016-10-01 14:53 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 000553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-28 00:17 - 2017-02-28 00:17 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-01 18:37 - 2017-12-01 18:37 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 18:37 - 2017-12-01 18:37 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-05 21:13 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 21:13 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2014-05-25 07:36 - 2013-09-11 23:37 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-30 23:50 - 2016-06-14 20:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-07-31 19:38 - 2016-12-13 13:08 - 002016256 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2017-07-31 19:38 - 2016-07-07 12:45 - 001808384 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2017-07-31 19:38 - 2003-03-26 17:46 - 000135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2017-07-31 19:38 - 2010-08-24 15:56 - 000167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2017-07-31 19:38 - 2013-03-12 08:43 - 000888832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2810527709-413825500-1257755514-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\M\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "EPSON_UD_START"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2810527709-413825500-1257755514-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEB360F1-6AC9-4946-845B-7FB4A18381A5}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{5A06FBCB-26F3-443B-A01F-9424CDC117D3}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{E6B3B378-6534-46B0-AA3C-48F855B10472}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{FECE9007-66AD-4CE4-B284-373FAD5708E0}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9AEE2725-ADE0-4721-A7AF-6B345C4F02DD}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{A0BCB9C4-A6B2-4044-9EF8-99E36E19C6B4}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{44D255E2-DAB9-4DAA-87A1-75A684C4EEBB}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{A34328B8-09A9-469E-BE81-5E1117F3C58B}] => (Allow) C:\Users\M\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{0FE4F166-A62E-4C5C-8EF7-3C8C07F157C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B332D4D2-53BE-4630-93E4-5EE6C82A6D99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7CC2F7B-B894-44C2-85CD-7A289C3EFC41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A8931E0F-A6B8-4C9C-AD66-6D9640687700}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1A840DFE-3367-4BB0-93A1-8D0A1564B932}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F60253E-C881-405F-BF6B-856B02C57E84}] => (Allow) LPort=1900
FirewallRules: [{BBB3C98E-D8B1-4D04-B81A-140A4BE0482D}] => (Allow) LPort=2869
FirewallRules: [{516C4C89-5F4D-4814-977A-6F86D0A6EB52}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C8859F2C-5C47-4583-A363-EB1870FFFAC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22BD9902-994B-4140-8939-13C9C1A8EAF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D5A4CDC-AE79-4EC3-90C4-50EE2B2FF11C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47946295-7AE7-4AF6-82BA-9A90216DAD5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C7AA615-455F-4162-83E1-3C200D71280C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{193CDF82-C723-4B2A-8CD1-D3A2A2018A8E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{FC8464A5-EE0A-4D95-965F-F866DE54DA01}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{761AFCB4-802C-48EA-B4AB-4008FC70BC43}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DA3355CD-F711-4283-81E5-870BB89017D6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1894B355-F616-4634-8A20-27FCAD0EAED6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{83D6E5F4-0BB6-41D1-A33D-BE7E0EADECB4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{19985E9F-6AF0-4422-8050-08C6CACFE087}C:\users\m\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\m\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{096229C2-ABE9-47E2-A953-54CD326988C8}C:\users\m\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\m\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5635A5F2-3CE4-4D61-AA57-0CD04589090E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{E2640C3F-A7FF-4575-934E-BFC3D87D8403}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{8D644193-3DC8-4A3F-9E66-F7DAC15BF39B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4B19B7A0-8233-4F09-B4C9-8D10A0DF9A9E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{9C0D78C0-BADA-4525-A819-95FECB61F8C2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{10936A9F-C4E6-440A-9550-45ED59BC5B2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0E9F5A07-03B7-4C6C-9BF7-B06A21123042}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F76C0DB-ECA5-479D-8E28-BE5AD79F87B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D041F4B9-3B22-4083-9DCD-759A650AB05A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ADB13BFE-9A93-4145-8CE8-94C14286FEC5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{30649D70-5572-436D-9F66-07C9AE36DF0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{A48CEA44-5636-48F0-BE62-660FD5DB2E05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{36165F51-E3F0-4C91-B5E0-96D503ED2DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A451CD9E-C91E-44A8-B056-23B3A0F44F08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

09-01-2018 13:10:45 Windows Update
19-01-2018 10:45:57 Scheduled Checkpoint
26-01-2018 12:32:17 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 09:44:57 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 8

Error: (01/31/2018 09:44:57 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 8

Error: (01/31/2018 09:42:38 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2018 09:39:40 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/30/2018 06:22:00 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/30/2018 06:22:00 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/30/2018 06:02:23 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 7

Error: (01/30/2018 06:02:23 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 7

Error: (01/30/2018 05:57:05 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (01/30/2018 05:38:15 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.


System errors:
=============
Error: (01/31/2018 09:42:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/31/2018 09:42:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 09:40:24 AM) (Source: DCOM) (EventID: 10016) (User: M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user M\M SID (S-1-5-21-2810527709-413825500-1257755514-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 09:39:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 09:39:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 09:39:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 09:39:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2018 06:12:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/30/2018 06:00:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (01/30/2018 05:57:31 PM) (Source: DCOM) (EventID: 10016) (User: M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user M\M SID (S-1-5-21-2810527709-413825500-1257755514-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2018-01-31 09:43:21.010
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:21.008
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:19.045
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:19.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:11.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:11.884
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:10.649
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:43:10.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:42:47.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-31 09:42:47.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4712HQ CPU @ 2.30GHz
Percentage of memory in use: 24%
Total physical RAM: 16287.05 MB
Available physical RAM: 12255.11 MB
Total Virtual: 18719.05 MB
Available Virtual: 14596.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:459.12 GB) (Free:291.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 5DF84E0D)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Broni

Malware Annihilator
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by M (03-02-2018 14:18:59) Run:1
Running from C:\Users\M\Downloads\FRST-OlderVersion
Loaded Profiles: M (Available Profiles: M)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2016-04-20 22:15 - 2016-04-20 22:15 - 063849440 _____ () C:\Users\M\WDMyCloud_win.exe
2016-02-15 10:41 - 2016-02-15 10:42 - 000007601 _____ () C:\Users\M\AppData\Local\resmon.resmoncfg
2018-01-25 19:25 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\M\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-83A772A7501F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {1F57C41D-9DAD-433A-80A1-5E2502B8F2CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {275B394B-8551-476C-BC5A-E14C35EC733C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {302508B4-9E73-4BD5-A4CF-E183E988D758} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3E192F26-741B-46DD-A21A-AB1203F4E652} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {70C343CC-4693-495F-86A1-D2811C42EAC7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {84EA9C8B-C9CF-4EE2-B3FE-EEDB8DBB1FF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D5B84ED-274F-43BE-BB1D-F909E34AEE40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {957AABF2-154E-46DE-AAC9-4F96140E7FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B1682BBC-F27C-4572-9291-B209267A53DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9C12FA9-24B9-4C46-8A28-8B0A3C2E4DBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C361C936-CE9B-4F59-8206-2BF0AC6EFF5F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DDCA1465-5E7B-40FF-97C2-02D01D0E0832} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F125B8C6-A481-46E2-B3FA-584869A28369} - System32\Tasks\{7BE433A4-F302-4EFB-9E2F-9092480F5249} => C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Temp\Temp1_F5U279-Drivers-Vista-XP-EN.zip\EasyTransferCableWin7.exe <==== ATTENTION
C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Temp\Temp1_F5U279-Drivers-Vista-XP-EN.zip

*****************

C:\Users\M\WDMyCloud_win.exe => moved successfully
C:\Users\M\AppData\Local\resmon.resmoncfg => moved successfully
"C:\Users\M\AppData\Local\Temp\dllnt_dump.dll" => not found
"HKU\S-1-5-21-2810527709-413825500-1257755514-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-83A772A7501F}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F57C41D-9DAD-433A-80A1-5E2502B8F2CD} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F57C41D-9DAD-433A-80A1-5E2502B8F2CD}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{275B394B-8551-476C-BC5A-E14C35EC733C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{275B394B-8551-476C-BC5A-E14C35EC733C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302508B4-9E73-4BD5-A4CF-E183E988D758}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302508B4-9E73-4BD5-A4CF-E183E988D758}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E192F26-741B-46DD-A21A-AB1203F4E652}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E192F26-741B-46DD-A21A-AB1203F4E652}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70C343CC-4693-495F-86A1-D2811C42EAC7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70C343CC-4693-495F-86A1-D2811C42EAC7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84EA9C8B-C9CF-4EE2-B3FE-EEDB8DBB1FF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84EA9C8B-C9CF-4EE2-B3FE-EEDB8DBB1FF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D5B84ED-274F-43BE-BB1D-F909E34AEE40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D5B84ED-274F-43BE-BB1D-F909E34AEE40}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{957AABF2-154E-46DE-AAC9-4F96140E7FB9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957AABF2-154E-46DE-AAC9-4F96140E7FB9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1682BBC-F27C-4572-9291-B209267A53DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1682BBC-F27C-4572-9291-B209267A53DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9C12FA9-24B9-4C46-8A28-8B0A3C2E4DBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9C12FA9-24B9-4C46-8A28-8B0A3C2E4DBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C361C936-CE9B-4F59-8206-2BF0AC6EFF5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C361C936-CE9B-4F59-8206-2BF0AC6EFF5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDCA1465-5E7B-40FF-97C2-02D01D0E0832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDCA1465-5E7B-40FF-97C2-02D01D0E0832}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F125B8C6-A481-46E2-B3FA-584869A28369}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F125B8C6-A481-46E2-B3FA-584869A28369}" => removed successfully
C:\WINDOWS\System32\Tasks\{7BE433A4-F302-4EFB-9E2F-9092480F5249} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BE433A4-F302-4EFB-9E2F-9092480F5249}" => removed successfully
"C:\Windows\system32\pcalua.exe -a C:\Users\M\AppData\Local\Temp\Temp1_F5U279-Drivers-Vista-XP-EN.zip" => not found

==== End of Fixlog 14:19:03 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

mpipis

TS Member
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 40
Java version 32-bit out of Date!
Google Chrome (63.0.3239.132)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by M (administrator) on 06-02-2018 at 07:59:13
Running from "C:\Users\M\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Sophos did not find any threats.
 

Broni

Malware Annihilator
Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

======================================

Your computer is clean


1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.