Jump to content

nodsh

Members
  • Content Count

    1,020
  • Joined

  • Last visited

  • Days Won

    1

About nodsh

  • Rank
    $ Supporting Member

Profile Information

  • Gender
    Male
  • OS
    Windows 10

Profile Fields

  • Country

Recent Profile Visitors

3,391 profile views
  1. nodsh

    Roks Motorcycle Shop Jukebox list

    Rok , you nailed it again . Don't know between "spill the wine" or " poor until payday " was my favorite , I"m kind of leaning towards the latter . Thanks good post
  2. I vote yes , but i do understand the no votes .. I believe the state's cannot do it alone , they need federal influence to get the job done. We spend from what I"m led to believe more money on defense then the next 10 countries , put together ,still don't understand . Don't get me wrong I believe good defense is a deterrent also , but why the cost , we are a free and democratic ,and we have the spirit and desire to maintain that at no cost if it becomes necessary , and if you understand what i just stated , it was not money spent , but the desire to do what is necessary . If you follow history , the bad ones , we overcame , men volunteered , women worked in factories , family's did without for the cause , Our defense budget was increased by a another big jump , It has been said , I don't need more "abrams tanks " we have too many , that is just another example . Why !!! I haven't traveled in other countries , but I've heard from some of my friends , Japan has a remarkable record with their high speed train , Germany has a good transportation , Ireland , and Scotland had a good system from what I"m told . There are other examples , but I want to get the point . It is understood , that the government was involved in the road situation , because big business wanted to sell a car to every family , It was a money thing for corporations , public transportation was put on the back burner so to speak . We have neglected our infrastructure far way too long , I don't think it was necessary to do this in boiling point !! Thanks for allowing me my two cents <S>
  3. nodsh

    The drive where Windows is installed is locked

    Broni , gave you good advice . But I can comment on the command line issue , If i remember right , (I always say that ), <S> X is seen as a drive so "CD" won't get you to your drive . type X:\ or cd \ to get to the root then <drive letter>: your drive probably won't be C like E: example prompt X\: E: enter key You then need to some command like dir to see whats there ; also the are diskpart and list volume etc; to see what you do have on the hard drive . Dell will have hidden partitions before and after which are tools and recovery etc; I personally believe they have enough primary to stop dual booting people , You cannot dual boot with out doing some partition work. I have also found out if you try to install an os on a dell computer with a os that has a newer version then the one you are putting on such as new ser pac , it should tell you , but sometimes it doesn't and it will fail !! You can always boot to a live linux disc and format the drive , then get an iso of what the original os was , it won't ask for the product key and then run your pro version as an upgrade , maybe your product key was an upgrade ??? Maybe your recovery partition is still there and you might be capable of repair or restore to factory condition , dell has key combination on boot up to access it i think . If you want post your contents of those commands here , but I think it would be easier for you to take Broni advice Rule 1 recommended to do chkdsk before installing Good luck
  4. feedback , computer doing great ,,, Just a follow up , what do you think of my comment about "AVG" also might be one of the problems has far as being slow on boot up and sluggish ??? I try to be impartial on manufacturers of computers , utilities , tools ,and AV , that others like . But this time It did seem to be an improvement on top of what you did . I do want to be careful in saying that , maybe this was just a coincident , need more feedback to know ?? and again THANK YOU Bold is not good enough
  5. Broni ,, beautiful video , tell dad next time he's online to comb his hair <S> love that hair !!!!
  6. When some of the computer makers came out without the harddrive activity light , this in my mind was a big mistake , we as hardware guys liked to look and see how active and could adjust what we were doing at the time by those lites How many of you agree with me on this ????
  7. Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe Windows Defender MSASCuiL.exe `````````````````System Health check````````````````` Total Fragmentation on Drive 😄 % ````````````````````End of Log``````````````````````
  8. Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe Windows Defender MSASCuiL.exe `````````````````System Health check````````````````` Total Fragmentation on Drive 😄 % ````````````````````End of Log`````````````````````` Farbar Service Scanner Version: 27-01-2016 Ran by Janet (administrator) on 22-09-2018 at 19:53:13 Running from "C:\Users\Janet\Desktop" Microsoft Windows 10 Home (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  9. Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018 Ran by Janet (22-09-2018 19:09:56) Run:1 Running from C:\Users\Janet\Desktop Loaded Profiles: Janet (Available Profiles: Janet & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** SearchScopes: HKU\S-1-5-21-2522845462-502705314-3011215565-1001 -> {19754ED9-09E2-49D3-B1A2-AC3FC51FB0F4} URL = U1 avgbdisk; no ImagePath S3 BTATH_BUS; \SystemRoot\S ystem32\dri vers\btath_bus.sys [X] 2018-09-21 13:09 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\Users\Janet\AppData\Local\Temp\dllnt_dump.dll ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB 1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No F ile Task: {049A2024-9628-4B38-B79E-634DBF581771} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTI O N Task: {0A28DB86-BB60-422E-8082-14721623E388} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {111DB023-0533-4175-898A-D7EECE9BB34A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {1161B9EE-B3A7-420A-9D70-1AFCCF8A84E4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {179231F2-13DB-4FC2-BC32-0CE0A4BE1CB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {179966CE-BF7C-4736-A256-EDA4802082AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {2CBF038F-F2BC-44D8-8782-198BC2F34ACF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {2DB7664F-B584-46F5-9CF9-9D371C40CA1D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {580EDB19-EF50-42EA-BDB2-386F5669AA4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {60B1A4E2-53D8-4885-90BE-8AFAE2A2185C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Ta sk: {7E2F886A-9191-40F4-8A0A-0D17D7412311} - \Microsoft\Windows\Setup\GWXTriggers\Machi neUnlock-5d -> No File <==== ATTENTION Task: {A38AFBEC-4C70-45F7-9AED-3866F81911BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION T ask: {A3C423AB-71B9-41B5-8A0F-14F4A63AF85C} - \WPD\SqmU pload_S-1-5-21-2522845462-502705314-3011215565-1001 -> No F ile <==== ATTENTION Task: {FEE0B01F-029A-4081-8C95-B1305F6E1174} - \GenericSettin gsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2522845462-502705314-3011215565-1001 -> No File <==== ATTENTION Alte rnateDataStreams: C:\Users\Janet\Downloads\WEQuV2luNyBQb29sICRT Mi0z.ica:icasource [208] ***************** "HKU\S-1-5-21-2522845462-502705314-3011215565-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19754ED9-09E2-49D3-B1A2-AC3FC51FB0F4}" => removed successfully HKLM\Software\Classes\CLSID\{19754ED9-09E2-49D3-B1A2-AC3FC51FB0F4} => not found "HKLM\System\CurrentControlSet\Services\avgbdisk" => removed successfully avgbdisk => service removed successfully S3 BTATH_BUS; \SystemRoot\S ystem32\dri vers\btath_bus.sys [X] => Error: No automatic fix found for this entry. C:\Users\Janet\AppData\Local\Temp\dllnt_dump.dll => moved successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully HKLM\Software\Classes\CLSID\{3AB 1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{049A2024-9628-4B38-B79E-634DBF581771}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{049A2024-9628-4B38-B79E-634DBF581771}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A28DB86-BB60-422E-8082-14721623E388}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A28DB86-BB60-422E-8082-14721623E388}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111DB023-0533-4175-898A-D7EECE9BB34A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111DB023-0533-4175-898A-D7EECE9BB34A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1161B9EE-B3A7-420A-9D70-1AFCCF8A84E4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1161B9EE-B3A7-420A-9D70-1AFCCF8A84E4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{179231F2-13DB-4FC2-BC32-0CE0A4BE1CB4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{179231F2-13DB-4FC2-BC32-0CE0A4BE1CB4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{179966CE-BF7C-4736-A256-EDA4802082AE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{179966CE-BF7C-4736-A256-EDA4802082AE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CBF038F-F2BC-44D8-8782-198BC2F34ACF}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CBF038F-F2BC-44D8-8782-198BC2F34ACF}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DB7664F-B584-46F5-9CF9-9D371C40CA1D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DB7664F-B584-46F5-9CF9-9D371C40CA1D}" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{580EDB19-EF50-42EA-BDB2-386F5669AA4B}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{580EDB19-EF50-42EA-BDB2-386F5669AA4B}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60B1A4E2-53D8-4885-90BE-8AFAE2A2185C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B1A4E2-53D8-4885-90BE-8AFAE2A2185C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully Ta sk: {7E2F886A-9191-40F4-8A0A-0D17D7412311} - \Microsoft\Windows\Setup\GWXTriggers\Machi neUnlock-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A38AFBEC-4C70-45F7-9AED-3866F81911BE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A38AFBEC-4C70-45F7-9AED-3866F81911BE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully T ask: {A3C423AB-71B9-41B5-8A0F-14F4A63AF85C} - \WPD\SqmU pload_S-1-5-21-2522845462-502705314-3011215565-1001 -> No F ile <==== ATTENTION => Error: No automatic fix found for this entry. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\ {FEE0B01F-029A-4081-8C95-B1305F6E1174} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\ {FEE0B01F-029A-4081-8C95-B1305F6E1174} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree \GenericSettin gsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2522845462-502705314-3011215565-1001" => not found Alte rnateDataStreams: C:\Users\Janet\Downloads\WEQuV2luNyBQb29sICRT Mi0z.ica:icasource [208] => Error: No automatic fix found for this entry. ==== End of Fixlog 19:10:12 ====
  10. I used the tool and even got another from a link recommended , i even did it in safe mode advised by their forum . since running the tool ,I think it is going now , either way it sure boots up faster and seems a lot better without it . It is a lot better now after running the tools . I do see some things in FRST logs that need some attention I ran a FRST before and after just to see if different on the avg tool The one posted is the one after
  11. This is a heads up for info . I had to do a laptop screen for a friend , All the info I found in the beginning , showed removing the motherboard etc:; I really didn't want to get that involved , cause I just doing it for nothing . And there are no locals here that do that, let alone if they did , too be reasonable. So I kept researching , and low and behold found this site , showed a very simple way , only took 1/2 hour or so. It was delicate work ,but laptops are anyway , I hoping I can find someone else in the future , cause I just don't know how to say NO Reminds me of the days being a mechanic , "MOTOR manual " was not the greatest at the time "CHILTONS" had shortcuts and tricks Pays to do homework before doing .
  12. Broni sorry I didn't follow the proper order , Please forgive , I'm thinking you will see programs that might need to be uninstalled etc; again sorry !!
  13. Sorry I jumped the gun and ran FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018 Ran by Janet (administrator) on MOONSHINE (22-09-2018 11:45:29) Running from C:\Users\Janet\Desktop Loaded Profiles: Janet (Available Profiles: Janet & Administrator) Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\pcdrwi.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\SystemIdleCheck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-24] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-02-16] () HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [600496 2015-07-07] (Waves Audio Ltd.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-11-07] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-11-07] (Citrix Systems, Inc.) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-21-2522845462-502705314-3011215565-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{61fcb7bd-a540-4982-bf0b-7c5a1b424a8d}: [DhcpNameServer] 192.168.254.254 Internet Explorer: ================== HKU\S-1-5-21-2522845462-502705314-3011215565-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKU\S-1-5-21-2522845462-502705314-3011215565-1001 -> {19754ED9-09E2-49D3-B1A2-AC3FC51FB0F4} URL = SearchScopes: HKU\S-1-5-21-2522845462-502705314-3011215565-1001 -> {D77D27E2-0845-49A9-BF23-E028D1BE15CC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US105D20151121&p={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-17] (Microsoft Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-17] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-17] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-17] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-17] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.) FireFox: ======== FF DefaultProfile: v7y3b8b5.default FF ProfilePath: C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v7y3b8b5.default [2018-09-21] FF NetworkProxy: Mozilla\Firefox\Profiles\v7y3b8b5.default -> type", 0 FF HomepageOverride: Mozilla\Firefox\Profiles\v7y3b8b5.default -> Enabled: web@Maps FF HomepageOverride: Mozilla\Firefox\Profiles\v7y3b8b5.default -> Enabled: avg@toolbar FF NewTabOverride: Mozilla\Firefox\Profiles\v7y3b8b5.default -> Enabled: web@Maps FF NewTabOverride: Mozilla\Firefox\Profiles\v7y3b8b5.default -> Enabled: avg@toolbar FF SearchPlugin: C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\v7y3b8b5.default\searchplugins\McSiteAdvisor.xml [2016-03-20] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File] FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-17] (Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-07-11] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-07-11] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-08-20] (PC-Doctor, Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink) S2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-09-12] (CloudBees, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-24] (Realtek Semiconductor) R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-09-12] (Rivet Networks) S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-17] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-17] (Microsoft Corporation) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-22] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-22] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-22] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-22] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [109872 2018-09-22] (Malwarebytes) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek ) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-08-05] (Realsil Semiconductor Corporation) R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-09-12] (Rivet Networks, LLC.) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-09-21] () S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-09-17] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-09-17] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-17] (Microsoft Corporation) U1 avgbdisk; no ImagePath S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-22 11:45 - 2018-09-22 11:46 - 000021665 _____ C:\Users\Janet\Desktop\FRST.txt 2018-09-22 11:37 - 2018-09-22 11:37 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2018-09-22 11:36 - 2018-09-22 11:39 - 000230940 _____ C:\WINDOWS\ntbtlog.txt 2018-09-21 18:22 - 2018-09-21 18:22 - 000013790 _____ C:\Users\Janet\Desktop\mbam2.txt 2018-09-21 17:59 - 2018-09-21 18:00 - 000043072 _____ C:\Users\Janet\Desktop\FRST1 (2).txt 2018-09-21 17:58 - 2018-09-21 18:00 - 000065313 _____ C:\Users\Janet\Desktop\FRST1 (1).txt 2018-09-21 17:57 - 2018-09-22 11:45 - 000000000 ____D C:\FRST 2018-09-21 16:13 - 2018-09-21 16:12 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe 2018-09-21 15:45 - 2018-09-22 11:40 - 000000000 ____D C:\AVG_Remover 2018-09-21 15:42 - 2018-09-21 15:42 - 000004261 _____ C:\Users\Janet\Desktop\AdwCleaner[C00].txt 2018-09-21 15:34 - 2018-09-21 15:35 - 000000000 ____D C:\AdwCleaner 2018-09-21 15:24 - 2018-09-21 15:24 - 000008018 _____ C:\Users\Janet\Desktop\rouge log.txt 2018-09-21 13:51 - 2018-09-21 13:51 - 000003668 _____ C:\WINDOWS\System32\Tasks\Pcd.DriverScan.GXXWJ 2018-09-21 13:51 - 2018-09-21 13:51 - 000003668 _____ C:\WINDOWS\System32\Tasks\Pcd.DriverScan.7TGCX 2018-09-21 13:09 - 2018-09-21 13:09 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-09-21 13:09 - 2018-09-21 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-09-21 13:09 - 2018-09-21 13:09 - 000000000 ____D C:\Program Files\RogueKiller 2018-09-21 12:43 - 2018-09-21 13:22 - 000003144 _____ C:\WINDOWS\System32\Tasks\SmartByte Telemetry 2018-09-21 12:42 - 2018-09-21 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rivet Networks 2018-09-21 12:42 - 2018-09-21 12:42 - 000000000 ____D C:\Program Files\Rivet Networks 2018-09-21 12:18 - 2018-09-22 11:42 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-09-21 12:18 - 2018-09-21 12:18 - 000000000 ____D C:\Users\Janet\AppData\Local\mbam 2018-09-21 12:17 - 2018-09-22 11:42 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-09-21 12:17 - 2018-09-22 11:42 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-09-21 12:17 - 2018-09-22 11:41 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-09-21 12:17 - 2018-09-22 11:37 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-09-21 12:17 - 2018-09-21 12:17 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-09-21 12:17 - 2018-09-21 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-09-21 12:17 - 2018-09-21 12:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-09-21 12:17 - 2018-09-21 12:17 - 000000000 ____D C:\Program Files\Malwarebytes 2018-09-21 12:17 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2018-09-18 13:22 - 2018-09-18 13:23 - 081615816 _____ (Malwarebytes ) C:\Users\Janet\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6871.exe 2018-09-18 13:18 - 2018-09-18 13:18 - 002413568 _____ (Farbar) C:\Users\Janet\Desktop\FRST64.exe 2018-09-18 13:15 - 2018-09-18 13:15 - 007567568 _____ (Malwarebytes) C:\Users\Janet\Downloads\AdwCleaner.exe 2018-09-18 13:14 - 2018-09-18 13:14 - 036868304 _____ (Adlice Software ) C:\Users\Janet\Downloads\RogueKiller_setup_ref3.exe 2018-09-18 13:11 - 2018-09-18 13:11 - 007986864 _____ ( ) C:\Users\Janet\Downloads\AVG_Remover.exe 2018-09-18 12:56 - 2018-09-18 12:56 - 000000000 ____D C:\Users\Janet\AppData\Local\DELL 2018-09-18 12:44 - 2018-09-18 12:44 - 000857928 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2018-09-18 12:44 - 2018-09-18 12:44 - 000000000 ____D C:\Users\Janet\AppData\Roaming\Intel Corporation 2018-09-18 12:29 - 2018-09-18 12:30 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth 2018-09-18 12:28 - 2015-06-07 21:15 - 000011406 ____N C:\WINDOWS\system32\athw10x.cat 2018-09-18 12:28 - 2015-05-17 23:33 - 004301304 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw10x.sys 2018-09-18 12:20 - 2018-09-18 12:20 - 000000000 ____D C:\Users\Janet\AppData\Local\D3DSCache 2018-09-18 11:59 - 2018-09-04 19:04 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-09-18 11:59 - 2018-09-04 19:04 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-09-17 21:18 - 2018-09-17 21:18 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-09-17 21:18 - 2018-09-17 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2018-09-17 17:37 - 2018-08-30 23:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-09-17 17:37 - 2018-08-30 23:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-09-17 17:37 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-09-17 17:37 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-09-17 17:37 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2018-09-17 17:36 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2018-09-17 17:36 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-09-17 17:36 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2018-09-17 17:36 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2018-09-17 17:36 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2018-09-17 17:36 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2018-09-17 17:36 - 2018-08-31 03:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2018-09-17 17:36 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2018-09-17 17:36 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2018-09-17 17:36 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2018-09-17 17:36 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2018-09-17 17:36 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2018-09-17 17:36 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2018-09-17 17:36 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-09-17 17:36 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2018-09-17 17:36 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2018-09-17 17:36 - 2018-08-30 23:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll 2018-09-17 17:36 - 2018-08-30 23:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2018-09-17 17:36 - 2018-08-30 23:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-09-17 17:36 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-09-17 17:36 - 2018-08-30 23:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-09-17 17:36 - 2018-08-30 23:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2018-09-17 17:36 - 2018-08-30 23:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-09-17 17:36 - 2018-08-30 23:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-09-17 17:36 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2018-09-17 17:36 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-09-17 17:36 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-09-17 17:36 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-09-17 17:36 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-09-17 17:36 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-09-17 17:36 - 2018-08-30 23:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-09-17 17:36 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll 2018-09-17 17:36 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-09-17 17:36 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll 2018-09-17 17:36 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2018-09-17 17:36 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-09-17 17:36 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-09-17 17:36 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-09-17 17:36 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-09-17 17:36 - 2018-08-30 23:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2018-09-17 17:36 - 2018-08-30 23:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-09-17 17:36 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-09-17 17:36 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2018-09-17 17:36 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-09-17 17:36 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2018-09-17 17:36 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2018-09-17 17:36 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-09-17 17:36 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2018-09-17 17:36 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-09-17 17:36 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-09-17 17:36 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-09-17 17:36 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2018-09-17 17:36 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-09-17 17:36 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2018-09-17 17:36 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-09-17 17:36 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-09-17 17:36 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2018-09-17 17:36 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-09-17 17:36 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-09-17 17:36 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2018-09-17 17:36 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll 2018-09-17 17:36 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2018-09-17 17:36 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2018-09-17 17:36 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2018-09-17 17:36 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2018-09-17 17:36 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-09-17 17:36 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2018-09-17 17:36 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-09-17 17:36 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2018-09-17 17:36 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe 2018-09-17 17:36 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2018-09-17 17:36 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-09-17 17:36 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2018-09-17 17:36 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-09-17 17:36 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2018-09-17 17:36 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2018-09-17 17:36 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2018-09-17 17:36 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2018-09-17 17:36 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-17 17:36 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2018-09-17 17:36 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-17 17:36 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-09-17 17:36 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-09-17 17:36 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2018-09-17 17:36 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2018-09-17 17:36 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2018-09-17 17:36 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-17 17:36 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-09-17 17:36 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-17 17:36 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2018-09-17 17:36 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-17 17:36 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-17 17:36 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2018-09-17 17:36 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2018-09-17 17:36 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-17 17:36 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-09-17 17:36 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-17 17:36 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-17 17:36 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2018-09-17 17:36 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-17 17:36 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-09-17 17:36 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-09-17 17:36 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2018-09-17 17:36 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2018-09-17 17:36 - 2018-08-09 00:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-17 17:36 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2018-09-17 17:36 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-17 17:36 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2018-09-17 17:36 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2018-09-17 17:36 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-09-17 17:36 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-09-17 17:36 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-09-17 17:36 - 2018-08-09 00:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-17 17:36 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-09-17 17:36 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2018-09-17 17:36 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-09-17 17:36 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-17 17:36 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-17 17:36 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-17 17:36 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-09-17 17:36 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-09-17 17:36 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-17 17:36 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2018-09-17 17:36 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-17 17:36 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-09-17 17:36 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-09-17 17:36 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2018-09-17 17:36 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-09-17 17:36 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-09-17 17:36 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-09-17 17:36 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-09-17 17:36 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-09-17 17:36 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-09-17 17:36 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-09-17 17:36 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2018-09-17 17:36 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-09-17 17:36 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-17 17:36 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2018-09-17 17:36 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-09-17 17:36 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-09-17 17:36 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-09-17 17:36 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-09-17 17:36 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls 2018-09-17 17:36 - 2018-06-08 14:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2018-09-17 17:35 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-09-17 17:35 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2018-09-17 17:35 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2018-09-17 17:35 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2018-09-17 17:35 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2018-09-17 17:35 - 2018-08-31 03:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-09-17 17:35 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-09-17 17:35 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2018-09-17 17:35 - 2018-08-31 02:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-09-17 17:35 - 2018-08-30 23:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-09-17 17:35 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-09-17 17:35 - 2018-08-30 23:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2018-09-17 17:35 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2018-09-17 17:35 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll 2018-09-17 17:35 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-09-17 17:35 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys 2018-09-17 17:35 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-09-17 17:35 - 2018-08-30 23:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-09-17 17:35 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-09-17 17:35 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll 2018-09-17 17:35 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-09-17 17:35 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-09-17 17:35 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-09-17 17:35 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-09-17 17:35 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-09-17 17:35 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-09-17 17:35 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-09-17 17:35 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2018-09-17 17:35 - 2018-08-30 21:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2018-09-17 17:35 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2018-09-17 17:35 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-09-17 17:35 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2018-09-17 17:35 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2018-09-17 17:35 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-09-17 17:35 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-09-17 17:35 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2018-09-17 17:35 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2018-09-17 17:35 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll 2018-09-17 17:35 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2018-09-17 17:35 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll 2018-09-17 17:35 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-09-17 17:35 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-17 17:35 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-17 17:35 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-17 17:35 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-17 17:35 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-17 17:35 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-17 17:35 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-17 17:35 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-17 17:35 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-17 17:35 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-17 17:35 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-17 17:35 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-17 17:35 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-17 17:35 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-17 17:35 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-17 17:35 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-17 17:35 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-17 17:35 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-17 17:35 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll 2018-09-17 17:35 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-17 17:35 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-17 17:35 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-17 17:35 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-17 17:35 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-17 17:35 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-17 17:35 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-17 17:35 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-17 17:35 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-17 17:35 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-17 17:35 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-17 17:35 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-17 17:35 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2018-09-12 12:53 - 2018-09-12 12:53 - 000120008 _____ (Rivet Networks, LLC.) C:\WINDOWS\system32\Drivers\SmbCo10X64.sys 2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-22 11:43 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-09-22 11:42 - 2016-09-29 04:12 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2018-09-22 11:42 - 2015-12-03 22:58 - 000000000 __SHD C:\Users\Janet\IntelGraphicsProfiles 2018-09-22 11:41 - 2018-08-20 22:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-09-22 11:40 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2018-09-22 11:12 - 2018-08-20 22:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-09-22 10:53 - 2018-08-20 22:44 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F8123E04-1A78-4339-8BEB-4BD5F51CF1FE} 2018-09-21 18:45 - 2016-11-29 23:01 - 000000000 ____D C:\Users\Janet\AppData\LocalLow\Mozilla 2018-09-21 18:30 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-09-21 18:18 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF 2018-09-21 16:15 - 2015-10-01 16:42 - 000000000 ____D C:\Program Files (x86)\AVG 2018-09-21 16:15 - 2015-10-01 16:38 - 000000000 ____D C:\Users\Janet\AppData\Local\Avg 2018-09-21 15:57 - 2018-08-20 22:44 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2522845462-502705314-3011215565-1001 2018-09-21 15:57 - 2018-08-20 22:15 - 000002365 _____ C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-09-21 15:57 - 2015-10-12 21:33 - 000000000 ___RD C:\Users\Janet\OneDrive 2018-09-21 15:01 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps 2018-09-21 13:10 - 2015-10-01 15:59 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2018-09-21 13:05 - 2018-08-20 22:30 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-09-21 12:58 - 2017-09-10 22:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-09-21 12:58 - 2016-02-08 00:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-09-21 12:55 - 2014-10-06 22:46 - 000000000 ____D C:\Program Files (x86)\Amazon 2018-09-21 12:48 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-09-21 12:42 - 2018-08-06 17:42 - 000000000 ____D C:\ProgramData\RivetNetworks 2018-09-21 12:15 - 2018-08-20 22:44 - 000004238 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate 2018-09-18 13:24 - 2015-10-13 23:03 - 000000000 ____D C:\Users\Janet\AppData\Local\CrashDumps 2018-09-18 13:02 - 2016-02-08 00:41 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-09-18 12:43 - 2016-09-29 04:11 - 000000000 ____D C:\Program Files\Intel 2018-09-18 12:43 - 2014-10-06 22:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2018-09-18 12:32 - 2014-10-06 22:39 - 000000000 ____D C:\ProgramData\Intel 2018-09-18 12:32 - 2014-10-06 22:39 - 000000000 ____D C:\Program Files (x86)\Intel 2018-09-18 12:31 - 2014-10-06 22:32 - 000000000 ____D C:\ProgramData\Package Cache 2018-09-18 12:30 - 2014-10-06 22:40 - 000000000 ____D C:\Program Files (x86)\Dell Wireless 2018-09-18 12:28 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO 2018-09-18 12:16 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-09-18 12:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\appcompat 2018-09-18 11:58 - 2018-08-20 22:07 - 000409984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-09-17 22:49 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA 2018-09-17 22:48 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ 2018-09-17 22:48 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput 2018-09-17 22:48 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-09-17 22:48 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-09-17 22:48 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-09-17 22:48 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-09-17 21:49 - 2018-08-20 22:51 - 000000000 ____D C:\ProgramData\Packages 2018-09-17 21:38 - 2018-05-08 03:27 - 000000000 ____D C:\Users\Janet\AppData\Local\Packages 2018-09-17 21:35 - 2015-12-03 23:02 - 000000000 ____D C:\Users\Janet\AppData\Local\Publishers 2018-09-17 21:18 - 2015-12-13 17:41 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2018-09-17 21:18 - 2015-12-13 17:41 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-09-17 21:18 - 2015-12-13 17:41 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2018-09-17 21:18 - 2015-12-13 17:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2018-09-17 21:18 - 2015-12-13 17:41 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-09-17 21:18 - 2015-12-13 17:41 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-09-17 21:16 - 2014-10-06 22:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-09-17 21:08 - 2018-08-20 20:07 - 000000000 ____D C:\Users\Janet\AppData\Roaming\PCDr 2018-09-17 21:05 - 2018-08-20 22:44 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2018-09-17 20:56 - 2015-07-07 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-09-17 17:51 - 2015-07-07 22:19 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-09-17 17:10 - 2018-04-14 15:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-09-17 16:57 - 2014-10-06 22:44 - 000000000 ____D C:\Program Files\Dell Some files in TEMP: ==================== 2018-09-21 13:09 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\Users\Janet\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-08-20 22:07 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018 Ran by Janet (22-09-2018 11:47:59) Running from C:\Users\Janet\Desktop Windows 10 Home Version 1803 17134.285 (X64) (2018-08-21 02:47:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2522845462-502705314-3011215565-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-2522845462-502705314-3011215565-503 - Limited - Disabled) Guest (S-1-5-21-2522845462-502705314-3011215565-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2522845462-502705314-3011215565-1003 - Limited - Enabled) Janet (S-1-5-21-2522845462-502705314-3011215565-1001 - Administrator - Enabled) => C:\Users\Janet WDAGUtilityAccount (S-1-5-21-2522845462-502705314-3011215565-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies) Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated) Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.) Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6331.1 - Waves Audio Ltd.) Hidden McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.208 - McAfee, Inc.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10730.20102 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2522845462-502705314-3011215565-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden Online Plug-in (HKLM-x32\...\{9E362141-4BE9-47C3-BD36-638B77AC87AA}) (Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.) Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd) RogueKiller version 12.13.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.1.0 - Adlice Software) Self-service Plug-in (HKLM-x32\...\{27B93352-3746-4329-9D16-CE20A1E400C5}) (Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden SmartByte Drivers and Services (HKLM\...\{6AD3253B-AFE1-436E-971B-B16D8C6ABA3F}) (Version: 2.0.637 - Rivet Networks) SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}) (Version: 2.48.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00B3D111-7348-4D69-A527-53F015F09E39} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] () Task: {049A2024-9628-4B38-B79E-634DBF581771} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {0A28DB86-BB60-422E-8082-14721623E388} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {111DB023-0533-4175-898A-D7EECE9BB34A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {1161B9EE-B3A7-420A-9D70-1AFCCF8A84E4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {179231F2-13DB-4FC2-BC32-0CE0A4BE1CB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {179966CE-BF7C-4736-A256-EDA4802082AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {1FB71994-3521-4B0A-BA68-5F9B25C7DAB2} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe Task: {29EB8F52-52AD-42F4-B568-E2ADF2F3CA7E} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) Task: {2CBF038F-F2BC-44D8-8782-198BC2F34ACF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {2DB7664F-B584-46F5-9CF9-9D371C40CA1D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {37959E0E-A49D-428A-8BD8-3D0AECC6C659} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) Task: {580EDB19-EF50-42EA-BDB2-386F5669AA4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {60B1A4E2-53D8-4885-90BE-8AFAE2A2185C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] () Task: {65F06E56-D0A9-482F-9C80-A3BD96F850F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-09-17] (Microsoft Corporation) Task: {75C039E9-A27F-431C-8333-C73578A2A61E} - System32\Tasks\Pcd.DriverScan.GXXWJ => C:\Users\Janet\AppData\Roaming\PCDr\Downloads\DriverInstaller.exe [2018-09-17] (PC-Doctor, Inc.) Task: {77ED97C1-2444-4250-8DBA-3FD0DC9C6FC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-09-17] (Microsoft Corporation) Task: {7B2CF644-D647-4A2E-830F-7374DF7F0874} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe Task: {7BD14849-8182-4962-9C5E-F36E9E2C3F3A} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-09-17] (Microsoft Corporation) Task: {7E2F886A-9191-40F4-8A0A-0D17D7412311} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {820F50CD-29D3-4618-B43D-380373DF5BE2} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] () Task: {8BDC95FF-E653-402E-ADFF-6E2C31026D6A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.) Task: {91E0A5BE-3A87-4B34-ADE8-0C4E1615528F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-09-17] (Microsoft Corporation) Task: {A38AFBEC-4C70-45F7-9AED-3866F81911BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {A3C423AB-71B9-41B5-8A0F-14F4A63AF85C} - \WPD\SqmUpload_S-1-5-21-2522845462-502705314-3011215565-1001 -> No File <==== ATTENTION Task: {A47A98EF-DBD1-4DC3-AD27-B6E715D51AC4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-07-08] (Dell Inc.) Task: {A558919E-DECF-4B7D-88A9-2DE973E22DF7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation) Task: {A82452E8-F1DD-448E-9984-83A4ED09D439} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {AB61917F-6CDD-4D45-943D-259C3BE36723} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-09-17] (Microsoft Corporation) Task: {ABB37F01-F983-461D-92A1-B2E46F3179E5} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {B177DF02-AF18-4714-8B91-C7801B6142D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation) Task: {C19624D5-F6FC-40EA-86E2-92A0032E62E3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated) Task: {C42405FF-E4F2-4DF4-82E0-452F91B900C5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {C7F6723A-587C-4C06-9EE8-F40584934DC2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-17] (Microsoft Corporation) Task: {C84C9DB1-A9D8-4577-B352-461AE557F68F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {CF0D1050-4232-4790-B2D8-4354002AF4C5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.) Task: {E402B068-0417-47E7-AF6E-446F79B3E485} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-24] (Realtek Semiconductor) Task: {E87DC62E-E4B5-4A1E-82F4-49F1976BEFCA} - System32\Tasks\Pcd.DriverScan.7TGCX => C:\Users\Janet\AppData\Roaming\PCDr\Downloads\DriverInstaller.exe [2018-09-17] (PC-Doctor, Inc.) Task: {ECDF3ADC-B08E-46B1-8E68-18C0074606DF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-17] (Microsoft Corporation) Task: {F00461D5-D8CB-40C6-A3FF-766436671DBD} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-09-12] (DELL) Task: {F1DC3201-A2EB-4FCA-BC55-53D619BE46D3} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe] Task: {F8FBA18E-6248-44BA-92F0-E7AF99C6BB9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-09-17] (Microsoft Corporation) Task: {FEE0B01F-029A-4081-8C95-B1305F6E1174} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2522845462-502705314-3011215565-1001 -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2018-09-21 12:17 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-09-21 12:17 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2013-08-22 14:40 - 2013-08-22 14:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe 2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2017-02-16 01:21 - 2017-02-16 01:21 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe 2018-09-17 17:36 - 2018-08-30 23:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-08-20 14:16 - 2018-08-20 14:17 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-08-20 14:16 - 2018-08-20 14:17 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-08-20 14:16 - 2018-08-20 14:17 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-08-20 14:16 - 2018-08-20 14:17 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll 2018-08-20 13:04 - 2018-08-20 13:04 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\libprotobuf.dll 2014-10-06 22:35 - 2013-03-04 23:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 14:41 - 2013-03-05 14:41 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll 2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2018-08-20 13:03 - 2018-08-20 13:04 - 000025456 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_1.2.0.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Janet\Downloads\WEQuV2luNyBQb29sICRTMi0z.ica:icasource [208] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2018-08-19 14:30 - 000000768 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2522845462-502705314-3011215565-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DDCCD0D8-1887-405B-A270-B5DA6B2C13AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{29F3CD31-98F6-486B-AA54-CEB4A3406BE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6B52B2C2-2068-4DB3-AABC-4E63B73FAC6C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{ED73B1E9-1254-482C-AD71-954643072A97}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{5A6F6A16-8DFC-44B0-9B3A-FB4F60C89C00}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{5734D46B-6A95-4D2B-9659-9C1BF5FE1ECB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{D7A89A5F-56A7-47CC-B077-CB4D3E0A8C43}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe FirewallRules: [{72859A22-A354-4C01-A074-176F59D2DEFE}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe FirewallRules: [{7A3FA8C1-3CFF-45DE-8DB6-46F4219BA99A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{1A6D16FB-8D00-417A-9512-87CD6BEFFA62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [TCP Query User{488C7668-A5D9-4D31-BFCE-7BDEB9E500E6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{29F6C66A-E5BA-4791-A68A-EBEF1D646798}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{0E34439A-77D0-40B6-81C6-DAF74776D471}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{4C790E36-8B79-4968-9630-183364A86917}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{08E7EFBC-4BC0-417E-9873-E457C5C284CD}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{D1FAAEC4-1214-4EEC-9363-8AA139FBA46E}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{86B8B8D9-C721-4267-BA57-5A4953570D42}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{DBAB3C4E-1EBE-4EC5-8D79-2B27C4FE970F}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{64A6D5B1-9905-45AB-99EC-07965AF85E2A}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{9E67B348-C767-43D2-97D8-EE51CA5B9DC8}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{07A1F086-0863-43B9-B84C-0816851F78C9}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{9096B04E-AB11-4050-B7A6-382165203C88}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{9430A855-20EB-4F53-9520-066BFB1F59D6}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_18.9.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe FirewallRules: [{F370EFAC-730D-45E5-820D-BD34D357C44D}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe FirewallRules: [{BE6040B6-1306-4D63-BED6-B987F755E207}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe ==================== Restore Points ========================= 21-09-2018 12:47:30 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/22/2018 11:42:45 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (09/22/2018 11:42:45 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (09/22/2018 11:42:45 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (09/22/2018 11:42:44 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (09/22/2018 11:41:15 AM) (Source: SmartByte Network Service) (EventID: 16) (User: ) Description: Event-ID 16 Error: (09/22/2018 11:41:15 AM) (Source: SmartByte Network Service) (EventID: 16) (User: ) Description: Event-ID 16 Error: (09/22/2018 10:50:15 AM) (Source: SupportAssistAgent) (EventID: 0) (User: ) Description: An exception occurred in session change of service start: Object reference not set to an instance of an object. Error: (09/22/2018 10:50:10 AM) (Source: SupportAssistAgent) (EventID: 0) (User: ) Description: An exception occurred in session change of service start: Object reference not set to an instance of an object. System errors: ============= Error: (09/22/2018 11:45:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/22/2018 11:44:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/22/2018 11:42:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/22/2018 11:42:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Error: (09/22/2018 11:42:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/22/2018 11:42:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/22/2018 11:42:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/22/2018 11:40:28 AM) (Source: DCOM) (EventID: 10005) (User: MOONSHINE) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Windows Defender: =================================== Date: 2018-09-21 15:23:14.907 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B1E77EE8-1A6E-40CC-BD99-A107ACCCF9F0} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-22 11:37:15.120 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2018-09-21 16:29:43.310 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.275.1628.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15200.1 Error code: 0x800704cf Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help. Date: 2018-09-18 12:09:54.488 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.275.1390.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-09-17 16:38:29.197 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.273.1726.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15100.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-09-17 16:38:29.196 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.273.1726.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15100.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2018-09-22 11:43:28.614 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-22 11:43:28.145 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-22 10:51:13.776 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-22 10:51:13.776 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-21 17:25:49.543 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-21 17:25:49.543 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-21 15:52:20.897 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-09-21 15:52:19.842 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz Percentage of memory in use: 60% Total physical RAM: 4000.18 MB Available physical RAM: 1572.54 MB Total Virtual: 5280.18 MB Available Virtual: 2185.19 MB ==================== Drives ================================ Drive 😄 (OS) (Fixed) (Total:920.85 GB) (Free:828.37 GB) NTFS \\?\Volume{4a6a9591-30b4-4123-8ff2-4f0b945e1b74}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS \\?\Volume{1398c64b-a769-4c91-8873-47949902f5a8}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS \\?\Volume{dce6ba41-a06d-414e-9c8a-46606556fd85}\ (PBR Image) (Fixed) (Total:8.45 GB) (Free:0.72 GB) NTFS \\?\Volume{2944c81f-38ea-4359-b64d-436b0f1bab7d}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 13950EEB) Partition: GPT. ==================== End of Addition.txt ============================
  14. Broni Had to replace laptop screen for a teacher friend , upon booting up noticed it was extremely slow . Having heard AVG was still a resource hog I decided since it was free , i could remove it ,cause it could always be replaced later , It was difficult to remove , but there is a big difference , now a lot better !! Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/21/18 Scan Time: 12:19 PM Log File: 0f877960-bdba-11e8-b1aa-74e6e211c83a.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6951 License: Trial -System Information- OS: Windows 10 (Build 17134.285) CPU: x64 File System: NTFS User: MOONSHINE\Janet -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 336977 Threats Detected: 83 Threats Quarantined: 83 Time Elapsed: 15 min, 40 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 32 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{983410CC-D399-401D-BEC8-3F6623B5E8BD}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BC87ADED-E2FC-4B7E-B21B-F2578F51D78E}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{983410CC-D399-401D-BEC8-3F6623B5E8BD}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BC87ADED-E2FC-4B7E-B21B-F2578F51D78E}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\AmazonAppIE.AppGateway, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CF2ACB80-1A7A-4642-A463-CD7583FDB0FE}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\AmazonAppIE.GatewayFactory, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CF2ACB80-1A7A-4642-A463-CD7583FDB0FE}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CF2ACB80-1A7A-4642-A463-CD7583FDB0FE}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\AmazonAppIE.GadgetGateway, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CF2ACB80-1A7A-4642-A463-CD7583FDB0FE}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}\InprocServer32, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button, HKU\S-1-5-21-2522845462-502705314-3011215565-1001\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [3116], [441167],1.0.6951 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, Quarantined, [3116], [441168],1.0.6951 Registry Value: 3 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2745], [-1],0.0.0 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [2745], [-1],0.0.0 PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|AMAZON1BUTTONTASKBARAPP.EXE, Quarantined, [3116], [493348],1.0.6951 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 13 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-CA, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-GB, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-US, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\de, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\es, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\it, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.PolarityTech.Generic, C:\USERS\JANET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7Y3B8B5.DEFAULT\BROWSER-EXTENSION-DATA\WEB@MAPS, Quarantined, [1694], [508613],1.0.6951 File: 35 PUP.Optional.PolarityTech.Generic, C:\USERS\JANET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7Y3B8B5.DEFAULT\EXTENSIONS\WEB@MAPS.XPI, Quarantined, [1694], [509072],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\de\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-CA\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-GB\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-US\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\es\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\it\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\amazon-favicon.ico, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_ca_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_cn_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_co-jp_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_co-uk_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_com_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_de_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_es_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_fr_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_it_logo.png, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN\Amazon1ButtonUpdater.resources.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe.config, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdateTask.exe, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIEManaged.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\CommandLine.dll, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\CommandLine.xml, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\InstallAction.exe, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Amazon.lnk, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Amazon.lnk, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.Amazon1Button.AppFlsh, C:\USERS\JANET\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Amazon.lnk, Quarantined, [2745], [464595],1.0.6951 PUP.Optional.PolarityTech.Generic, C:\USERS\JANET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7Y3B8B5.DEFAULT\BROWSER-EXTENSION-DATA\WEB@MAPS\STORAGE.JS, Quarantined, [1694], [508613],1.0.6951 PUP.Optional.BundleInstaller, C:\USERS\JANET\DOWNLOADS\ITUNES.EXE, Quarantined, [414], [542915],1.0.6951 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.17134) 64 bits version Started in : Normal mode User : Janet [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Scan -- Date : 09/21/2018 13:10:10 (Duration : 01:14:15) Switches : -refid ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 9 ¤¤¤ [PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll) -> Found [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Found [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll) -> Found [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll) -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2522845462-502705314-3011215565-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2522845462-502705314-3011215565-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2522845462-502705314-3011215565-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2522845462-502705314-3011215565-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 9 ¤¤¤ [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found [PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found [PUP.Gen1][Folder] C:\Users\Janet\AppData\Local\AVG Web TuneUp -> Found [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found [PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found [PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp -> Found [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp -> Found ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 3 ¤¤¤ [PUM.HomePage][Firefox:Config] v7y3b8b5.default : user_pref("browser.startup.homepage", "moz-extension://7a43cf9b-1f95-4967-a176-b59112baf0df/newtab/newtab.html"); -> Found [PUM.SearchEngine][Firefox:Config] v7y3b8b5.default : user_pref("browser.search.selectedEngine", "Secure Search"); -> Found [PUM.SearchEngine][Firefox:Config] v7y3b8b5.default : user_pref("browser.search.defaultenginename", "AVG Secure Search"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++ --- User --- [MBR] 8d9ecf715ecf2794363bcf66e1913fd0 [BSP] 86a0623bad687512d6906a861d176fb7 : Empty|VT.Unknown MBR Code Partition table: 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB 1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB 3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB 4 - Basic data partition | Offset (sectors): 2906112 | Size: 942947 MB 5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1934063616 | Size: 844 MB 6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1935792128 | Size: 8657 MB User = LL1 ... OK User = LL2 ... OK # ------------------------------- # Malwarebytes AdwCleaner 7.2.3.0 # ------------------------------- # Build: 08-30-2018 # Database: (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-21-2018 # Duration: 00:00:30 # OS: Windows 10 Home # Cleaned: 36 # Failed: 1 ***** [ Services ] ***** Deleted WtuSystemSupport ***** [ Folders ] ***** Deleted C:\ProgramData\AVG_UPDATE_1015AV Deleted C:\ProgramData\AVG_UPDATE_0916TB Deleted C:\ProgramData\AVG_UPDATE_0316TB Deleted C:\ProgramData\avg web tuneup Deleted C:\Program Files\avg web tuneup Deleted C:\Program Files (x86)\avg web tuneup Deleted C:\Program Files\Common Files\AVG Secure Search Deleted C:\Program Files (x86)\Common Files\AVG Secure Search Deleted C:\Users\Janet\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\Tasks\1015AVUPDATEINFO.JOB Deleted C:\Windows\System32\Tasks\1015AVUPDATEINFO Deleted C:\Windows\System32\Tasks\0316TBUPDATEINFO ***** [ Registry ] ***** Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D7325CD-F261-408F-813E-FD3CDE002050} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7325CD-F261-408F-813E-FD3CDE002050} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A6E615C-4D69-4089-B3C0-00CD26C8FF93} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A6E615C-4D69-4089-B3C0-00CD26C8FF93} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0316tbUpdateInfo Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7} Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.highmarkblueshield.com Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\highmarkblueshield.com Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** Deleted AVG Web TuneUp ***** [ Firefox URLs ] ***** Not Deleted mysearch.avg.com ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [4753 octets] - [21/09/2018 15:35:35] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
×