PDA

View Full Version : I just may have a little Malware Virus issue. Please help me ger rid of it!



Bigalo
2018-03-25, 07:38
My computer has been running slow for about three days, and getting worse. I've attached the logs, with the exception of the aswMBR logs, as my computer kept running into a problem and was restarting. The logs are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Rabigalo (administrator) on BIGGIE (24-03-2018 22:53:56)
Running from C:\Users\Rabigalo\Desktop
Loaded Profiles: Rabigalo (Available Profiles: Rabigalo)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_453d2af85bf95078\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_453d2af85bf95078\IntelCpHDCPSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_453d2af85bf95078\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(FrescoLogic) C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x64\flvga_tray.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPServiceHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2015-09-21] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [flvga_tray] => C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x64\flvga_tray.exe [439424 2016-12-23] (FrescoLogic)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [516296 2016-03-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1868272 2018-02-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [flvga_tray32] => C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x86\flvga_tray.exe [419968 2016-12-23] (FrescoLogic)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3267101396-1119176653-3220088351-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{86fe8734-7225-4a88-bd23-9f1328f17cce}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{94a402d9-3519-4427-8d51-bc6a6ff9b72e}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKLM-x32 -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKU\S-1-5-21-3267101396-1119176653-3220088351-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-02-28] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-02-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3267101396-1119176653-3220088351-1001 -> hxxp://my.earthlink.net/

FireFox:
========
FF ProfilePath: C:\Users\Rabigalo\AppData\Roaming\Mozilla\Firefox\Profiles\ma5f8kek.default-1473380576373 [2018-03-24]
FF Homepage: Mozilla\Firefox\Profiles\ma5f8kek.default-1473380576373 -> my.earthlink.net/
FF NewTab: Mozilla\Firefox\Profiles\ma5f8kek.default-1473380576373 -> about:newtab
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Rabigalo\AppData\Roaming\Mozilla\Firefox\Profiles\ma5f8kek.default-1473380576373\features\{f318c2e1-ae61-4901-882a-b7b4871b1a9c}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-02-14] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2018-02-02] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3267101396-1119176653-3220088351-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Rabigalo\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-11] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://my.earthlink.net/
CHR StartupUrls: Default -> "hxxp://my.earthlink.net/"
CHR DefaultSearchURL: Default -> hxxps://results.searchlock.com/search/?q={searchTerms}&sr=def-search
CHR DefaultSearchKeyword: Default -> searchlock.com
CHR DefaultSuggestURL: Default -> hxxps://www.searchlock.com/search/suggest?q={searchTerms}
CHR Profile: C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default [2018-03-24]
CHR Extension: (Slides) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-07]
CHR Extension: (YouTube) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-07]
CHR Extension: (Sheets) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-07]
CHR Extension: (SearchLock) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdpgmeoacdoadgannnoajmnbodcfmbn [2017-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\Rabigalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\\McCSPServiceHost.exe [2140888 2018-01-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
S4 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1668816 2018-02-12] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-05-26] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 fl2000; C:\WINDOWS\System32\drivers\fl2000.sys [157312 2016-12-23] (FrescoLogic)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R0 lci_proxykmd; C:\WINDOWS\System32\drivers\lci_proxykmd.sys [100992 2016-12-22] (FrescoLogic)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-03-24] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-03-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [29624 2016-03-28] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-24 22:53 - 2018-03-24 22:55 - 000028223 _____ C:\Users\Rabigalo\Desktop\FRST.txt
2018-03-24 22:53 - 2018-03-24 22:53 - 000000000 ____D C:\FRST
2018-03-24 22:49 - 2018-03-24 22:49 - 002403328 _____ (Farbar) C:\Users\Rabigalo\Desktop\FRST64.exe
2018-03-24 22:46 - 2018-03-24 22:46 - 000002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-03-24 22:46 - 2018-03-24 22:46 - 000000000 ____D C:\RegBackup
2018-03-24 22:42 - 2018-03-24 22:44 - 005766144 _____ (Tweaking.com) C:\Users\Rabigalo\Desktop\tweaking.com_registry_backup_setup.exe
2018-03-24 21:20 - 2018-03-24 21:20 - 000000000 ____D C:\Users\Rabigalo\Documents\FY 16 Domain Assessments
2018-03-24 21:19 - 2018-03-24 21:19 - 000000000 ____D C:\Users\Rabigalo\Documents\Handbook
2018-03-24 21:18 - 2018-03-24 21:19 - 000000000 ____D C:\Users\Rabigalo\Documents\Direcctives
2018-03-24 21:18 - 2018-03-24 21:18 - 000000000 ____D C:\Users\Rabigalo\Documents\Brief
2018-03-24 21:17 - 2018-03-24 21:17 - 000000000 ____D C:\Users\Rabigalo\Documents\Schaeffler Academy
2018-03-24 21:12 - 2018-03-24 21:12 - 000000000 ____D C:\Users\Rabigalo\Documents\Suspicious Packaging
2018-03-23 19:25 - 2018-03-23 19:25 - 000000000 ____D C:\Users\Rabigalo\AppData\Roaming\CyberLink
2018-03-23 19:25 - 2018-03-23 19:25 - 000000000 ____D C:\Users\Public\CyberLink
2018-03-23 19:04 - 2018-03-23 19:20 - 000000000 ____D C:\Program Files (x86)\Yodot AVI Repair
2018-03-23 19:03 - 2018-03-23 19:03 - 009500984 _____ ( ) C:\Users\Rabigalo\Downloads\yodot-avi-repair.exe
2018-03-23 19:03 - 2018-03-23 19:03 - 009500984 _____ ( ) C:\Users\Rabigalo\Downloads\yodot-avi-repair (2).exe
2018-03-23 19:03 - 2018-03-23 19:03 - 009500984 _____ ( ) C:\Users\Rabigalo\Downloads\yodot-avi-repair (1).exe
2018-03-23 18:59 - 2018-03-23 18:59 - 000003762 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2018-03-23 18:58 - 2018-03-23 19:20 - 000000000 ____D C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc
2018-03-23 18:58 - 2018-03-23 18:58 - 000999400 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Rabigalo\Downloads\DriverUpdate-setup.exe
2018-03-23 18:58 - 2018-03-23 18:58 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-03-23 18:48 - 2018-03-23 20:07 - 000000000 ____D C:\Users\Rabigalo\AppData\Roaming\vlc
2018-03-23 18:48 - 2018-03-23 18:48 - 000617880 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Rabigalo\Downloads\TechUtilities_Setup_2.1.9-01-CR.exe
2018-03-23 18:48 - 2018-03-23 18:48 - 000617880 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\Rabigalo\Downloads\TechUtilities_Setup_2.1.9-01-CR (1).exe
2018-03-23 18:47 - 2018-03-23 18:47 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-03-23 18:47 - 2018-03-23 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-23 18:46 - 2018-03-23 18:46 - 000000000 ____D C:\Program Files\VideoLAN
2018-03-23 18:40 - 2018-02-15 11:32 - 025509970 _____ C:\Users\Rabigalo\Desktop\another angle of truck.avi
2018-03-23 18:40 - 2018-02-15 11:28 - 038101207 _____ C:\Users\Rabigalo\Desktop\video of truck.avi
2018-03-23 18:36 - 2018-03-23 18:42 - 000000000 ____D C:\Program Files (x86)\Stellar Phoenix Video Repair
2018-03-23 18:36 - 2018-03-23 18:36 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-03-23 18:36 - 2018-03-23 18:36 - 000000000 ____D C:\ProgramData\{CB534028-392B-3AF7-546E-E9006E1AA41A}
2018-03-23 18:35 - 2018-03-23 18:35 - 019051088 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\Rabigalo\Downloads\StellarPhoenixVideoRepair.exe
2018-03-22 17:26 - 2018-01-24 09:38 - 005001304 _____ C:\Users\Rabigalo\Documents\ACC Export - 2018-01-24 06.54 AM.avi
2018-03-21 13:23 - 2018-03-21 13:23 - 000000966 _____ C:\Users\Rabigalo\Desktop\steve epling entering and exiting the campus.avi - Shortcut.lnk
2018-03-19 14:55 - 2018-03-19 14:55 - 000000000 ____D C:\Users\Rabigalo\AppData\LocalLow\Temp
2018-03-16 18:18 - 2018-03-16 18:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-03-16 17:58 - 2018-03-16 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 07:50 - 2018-03-15 07:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 07:50 - 2018-03-15 07:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 07:50 - 2018-03-15 07:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 07:50 - 2018-03-15 07:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-14 22:05 - 2018-03-14 22:05 - 000003264 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2018-03-13 18:11 - 2018-03-13 18:11 - 000004566 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-13 16:58 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 16:58 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 16:58 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 16:58 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 16:58 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 16:58 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 16:58 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 16:58 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 16:58 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 16:58 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 16:58 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 16:58 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 16:58 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 16:58 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 16:58 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 16:58 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 16:58 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 16:58 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 16:58 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 16:58 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 16:58 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 16:58 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 16:58 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 16:58 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 16:58 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 16:58 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 16:58 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 16:58 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 16:58 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 16:58 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 16:58 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 16:58 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 16:58 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 16:58 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 16:58 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 16:58 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 16:58 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 16:58 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 16:58 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 16:58 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 16:58 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 16:58 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 16:58 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 16:58 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 16:58 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 16:58 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 16:58 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 16:58 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 16:58 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 16:58 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 16:58 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 16:58 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 16:58 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 16:58 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 16:58 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 16:58 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 16:58 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 16:58 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 16:58 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 16:58 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 16:58 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 16:58 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 16:58 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 16:58 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 16:58 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 16:58 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 16:58 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 16:58 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 16:58 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 16:58 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 16:58 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 16:58 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 16:57 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 16:57 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 16:57 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 16:57 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 16:57 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 16:57 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 16:57 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 16:57 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 16:57 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 16:57 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 16:57 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 16:57 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 16:57 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 16:57 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 16:57 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 16:57 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 16:57 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 16:57 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 16:57 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 16:57 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 16:57 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 16:57 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 16:57 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 16:57 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 16:57 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 16:57 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 16:57 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 16:57 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 16:57 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 16:57 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 16:57 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 16:57 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 16:57 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 16:57 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 16:57 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 16:57 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 16:57 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 16:57 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 16:57 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 16:57 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 16:57 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 16:57 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 16:57 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 16:57 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 16:57 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 16:57 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 16:57 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 16:57 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 16:57 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 16:57 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 16:57 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 16:57 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 16:57 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 16:57 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 16:57 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 16:57 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 16:57 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 16:57 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 16:57 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 16:57 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 16:57 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 16:57 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 16:57 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 16:57 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 16:57 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 16:57 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 16:57 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 16:57 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 16:57 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 16:57 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 16:57 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 16:57 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 16:57 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 16:57 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 16:57 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 16:57 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 16:57 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 16:57 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 16:57 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 16:57 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 16:57 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 16:57 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 16:57 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 16:57 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 16:57 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 16:57 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 16:57 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 16:57 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 16:57 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 16:57 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 16:57 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 16:57 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 16:57 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 16:57 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 16:57 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 16:57 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 16:57 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 16:57 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 16:57 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 16:57 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 16:57 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 16:57 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 16:57 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 16:57 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 16:57 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-12 18:55 - 2018-03-12 19:00 - 000000000 ____D C:\Users\Rabigalo\Documents\Policy Documents
2018-03-11 20:46 - 2018-03-11 20:46 - 000373778 _____ C:\Users\Rabigalo\Desktop\Tournament Challenge - ESPN - ESPN’s NCAA Men's Bracket Game.pdf
2018-03-08 18:33 - 2018-03-08 18:33 - 000096726 _____ C:\Users\Rabigalo\Documents\DS11 - US Passport Application.pdf
2018-03-07 18:25 - 2018-03-07 18:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-07 18:25 - 2018-03-07 18:25 - 000002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-03-07 18:19 - 2018-03-07 18:20 - 000503315 _____ C:\Users\Rabigalo\Desktop\Piedmont_eBill.pdf
2018-03-04 22:09 - 2018-03-04 22:09 - 000024732 _____ C:\Users\Rabigalo\Downloads\payment_receipt (1).pdf
2018-03-04 21:30 - 2018-03-04 21:30 - 000024790 _____ C:\Users\Rabigalo\Downloads\payment_receipt.pdf
2018-02-26 16:09 - 2018-03-12 22:56 - 000000000 ____D C:\Users\Rabigalo\Documents\Securitas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-24 22:46 - 2017-08-31 19:10 - 000033092 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-03-24 22:38 - 2016-11-16 19:23 - 000000000 ____D C:\Users\Rabigalo\AppData\LocalLow\Mozilla
2018-03-24 22:35 - 2017-11-04 19:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-24 20:34 - 2017-04-03 00:27 - 000000000 ____D C:\Users\Rabigalo\Documents\Outlook
2018-03-24 20:34 - 2016-09-11 17:31 - 000000000 ____D C:\Users\Rabigalo\Documents\Outlook Files
2018-03-24 19:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-24 17:31 - 2017-11-04 20:10 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ABFA8224-01CC-494C-BCD2-52B1953A36E3}
2018-03-24 17:09 - 2018-01-03 00:23 - 000055296 _____ C:\Users\Rabigalo\Documents\TSP Tracking - 2018.xls
2018-03-24 17:08 - 2018-01-03 00:26 - 000054784 _____ C:\Users\Rabigalo\Documents\TSP Tracking With Share Prices - 2018.xls
2018-03-24 15:48 - 2017-11-04 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-03-24 15:45 - 2017-12-15 22:58 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-24 15:45 - 2017-11-04 20:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-24 15:45 - 2016-09-08 16:45 - 000000000 __SHD C:\Users\Rabigalo\IntelGraphicsProfiles
2018-03-24 15:44 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-23 19:25 - 2017-01-25 19:00 - 000000000 ____D C:\Users\Rabigalo\Documents\CyberLink
2018-03-23 19:25 - 2016-09-02 13:02 - 000000000 ____D C:\ProgramData\CyberLink
2018-03-23 19:09 - 2016-09-02 13:02 - 000000000 ____D C:\ProgramData\Temp
2018-03-23 18:12 - 2017-11-04 19:43 - 000000000 ____D C:\Users\Rabigalo\AppData\Local\Packages
2018-03-23 17:05 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-22 21:24 - 2017-09-29 04:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-03-22 16:40 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-22 16:40 - 2017-07-07 21:48 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 16:40 - 2017-07-07 21:48 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-18 19:41 - 2017-05-20 21:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-18 19:41 - 2016-09-08 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-17 17:47 - 2016-09-08 21:17 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-16 18:18 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 18:18 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-16 18:14 - 2016-09-08 21:30 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-16 18:02 - 2016-09-02 13:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-15 18:41 - 2017-11-04 19:42 - 000000000 ____D C:\Users\Rabigalo
2018-03-14 22:04 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-13 22:38 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-13 22:30 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 22:27 - 2017-11-04 19:59 - 001296096 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-13 22:22 - 2017-11-04 20:40 - 000000000 ___RD C:\Users\Rabigalo\3D Objects
2018-03-13 22:22 - 2016-04-25 16:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-13 22:19 - 2017-11-04 19:35 - 000411024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-13 22:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-13 22:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-13 22:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 22:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-13 18:11 - 2017-11-04 20:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 18:11 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 18:11 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-13 17:18 - 2016-09-08 17:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 17:14 - 2017-10-11 13:36 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 17:14 - 2016-09-08 17:59 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 17:03 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 17:03 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-12 18:45 - 2016-10-18 19:44 - 000000000 ____D C:\Users\Rabigalo\AppData\Roaming\U3
2018-03-12 17:17 - 2017-01-25 19:31 - 000000000 ____D C:\Users\Rabigalo\Documents\Receipts
2018-03-12 16:59 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-09 23:21 - 2017-11-22 00:48 - 000000000 ____D C:\Users\Rabigalo\Documents\TSP Withdrawal
2018-03-09 23:13 - 2017-01-25 19:31 - 000000000 ___RD C:\Users\Rabigalo\Documents\Retirement
2018-03-07 18:27 - 2016-09-08 19:36 - 000000000 ____D C:\Users\Rabigalo\AppData\Local\Adobe
2018-03-07 18:27 - 2016-09-08 16:45 - 000000000 ____D C:\Users\Rabigalo\AppData\Roaming\Adobe
2018-03-07 18:26 - 2017-11-04 20:10 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-07 18:25 - 2016-09-08 18:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-07 18:24 - 2016-09-08 18:24 - 000000000 ____D C:\ProgramData\Adobe
2018-03-07 14:50 - 2017-11-04 20:10 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-03-07 12:50 - 2016-09-08 17:11 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-02 23:31 - 2017-11-04 20:10 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3267101396-1119176653-3220088351-1001
2018-03-02 23:31 - 2016-09-08 16:50 - 000002416 _____ C:\Users\Rabigalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 23:31 - 2016-09-08 16:50 - 000000000 ___RD C:\Users\Rabigalo\OneDrive
2018-03-02 17:09 - 2017-12-14 01:27 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 17:09 - 2017-12-14 01:27 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-26 20:07 - 2017-06-26 17:26 - 000000000 ____D C:\Users\Rabigalo\AppData\Local\ElevatedDiagnostics
2018-02-24 23:42 - 2016-09-08 18:26 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-02-22 21:37 - 2017-01-25 19:31 - 000000000 ____D C:\Users\Rabigalo\Documents\NOBLE

Some files in TEMP:
====================
2018-03-23 18:58 - 2018-03-23 18:58 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Rabigalo\AppData\Local\Temp\scp133A.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-18 19:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Rabigalo (24-03-2018 22:55:48)
Running from C:\Users\Rabigalo\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2017-11-05 00:16:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3267101396-1119176653-3220088351-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3267101396-1119176653-3220088351-503 - Limited - Disabled)
Guest (S-1-5-21-3267101396-1119176653-3220088351-501 - Limited - Disabled)
Rabigalo (S-1-5-21-3267101396-1119176653-3220088351-1001 - Administrator - Enabled) => C:\Users\Rabigalo
WDAGUtilityAccount (S-1-5-21-3267101396-1119176653-3220088351-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30417 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{2B4D4A54-27CD-ADED-F5E7-CCD374A68770}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E194A8D0-8545-C587-67FB-8BF17CCADF03}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B64923B3-EDF7-380F-3EBC-2F6A7E3D5E87}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{475A4387-3F3D-1715-ED19-824F719D90DD}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{D058B795-4274-F96C-389F-CA07D4BA7A03}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{50B1E954-1D62-3498-E0E3-B9ED8B9B3763}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{C773C108-8674-D32D-D3AD-40D6A868B287}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{155190A9-10BB-7072-894C-6ABFF2358FC5}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{B09ADB72-2248-8E35-EDE4-EE7DDB31F6BD}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CEA9CB90-2DD4-CB83-F2C4-6BB0841BFFA6}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{07F29FA8-3C1C-23FB-83BD-A2C84AE3F939}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{6EE720CF-577F-5AE6-B2B1-8AED1479E29B}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{73C14D01-420D-4806-1BF7-A10B2E7505F1}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{C70525D3-B447-74B5-CDAB-5566D4777743}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8E36DDAA-6751-AB58-0CD3-DE7004ED4CD8}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{E1B43D42-4E65-AAF6-CD16-633A2AA75DF6}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{3398C8E5-48DC-99D6-5B50-6AD312CF3756}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{A728E928-73FA-5291-33E8-D3A1AF895D6C}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B2524444-E827-10D9-789D-91087707666A}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{85733995-9FAB-3516-B552-80A9D651B682}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{C5B64E80-0E6F-02F7-CF5D-7A3D90572BB8}) (Version: 2017.0410.1312.21926 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.1510.60 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{6EC2BBF2-A438-4240-A7C1-748309E77E02}) (Version: 3.0.98.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Fresco Logic USB Display Driver (HKLM\...\{469DA1EA-23CD-4C56-84FE-728C438DAE82}) (Version: 2.0.33100.0 - Fresco Logic)
FrostWire 6.3.6 (HKLM-x32\...\FrostWire 6) (Version: 6.3.6.202 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Color LaserJet Pro M452 (HKLM-x32\...\{60cc8319-2c81-4d9b-84ca-88a4faa33aff}) (Version: 16.0.15111.497 - Hewlett-Packard)
HP Color LaserJet Pro MFP M477 (HKLM-x32\...\{15758d59-89d2-4595-b92f-0145a142f8f7}) (Version: 16.0.17062.686 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{19EDEC5D-055E-4AD0-88AC-C342608FC47E}) (Version: 36.0.445.57508 - HP)
HP Google Drive Plugin (HKLM-x32\...\{1B225296-B1F1-40B3-8427-844E97CB2D1B}) (Version: 36.0.445.57508 - HP)
HPCLJProM452 (HKLM-x32\...\{E7E2297B-B657-470B-9575-1B5ED16581D5}) (Version: 0.05.0000 - Hewlett-Packard) Hidden
HPCLJProMFPM477 (HKLM-x32\...\{9F4A8FAA-994E-4623-AB4C-D00F51DA189D}) (Version: 0.05.0000 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{76D91695-09BD-4006-BDBF-DD68BD27B62C}) (Version: 3.0.26.16 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM452LaserJetService (HKLM-x32\...\{FD23DEFC-8027-4E25-BDAE-34023B28A384}) (Version: 001.034.00688 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CF10F6BC-C710-4F6F-B7E1-4057699A59AA}) (Version: 12.3.6.10 - HP)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4771 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3267101396-1119176653-3220088351-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.1.6648 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{6EC2BBF2-A438-4240-A7C1-748309E77E02}) (Version: 3.0.98.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{8DC1990E-2E49-BEA6-D083-C26A2BB218F9}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.009 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-3) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Windows Driver Package - Fresco Logic (fl2000) AVClass (12/16/2016 2.0.33100.0) (HKLM\...\96322B3F016224B322904E25468308CA20728F15) (Version: 12/16/2016 2.0.33100.0 - Fresco Logic)
Windows Driver Package - Fresco Logic Inc. (lci_proxykmd) System (12/16/2016 2.0.33100.0) (HKLM\...\722A352AC2F5CAC706F1E3E565971D900E170305) (Version: 12/16/2016 2.0.33100.0 - Fresco Logic Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-10] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_453d2af85bf95078\igfxDTCM.dll [2017-09-08] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C77EB2-ACCB-45D0-BC69-0233BFC3CD67} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {0AAD160C-314D-44E2-BFED-CC39625DDB3B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {1B8805D0-5D61-4CDC-9DC3-F8A9665713DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
Task: {223CF90C-69C9-40A4-ACC7-38AD41B9A41E} - System32\Tasks\AdobeGCInvoker-1.0-BIGGIE-Rabigalo => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {2A1B2351-F3A6-4096-8284-B46CC7105360} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-16] (Microsoft Corporation)
Task: {2B11FEA3-36AF-479C-9D1B-B4E2170A112A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {2FE700D4-981E-45F3-8EA4-B7CC997F45C6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {3383E4A6-03C5-467E-BAD2-2674264090D8} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {37AFB90A-6ABF-4BE7-A3B9-B72B873F1D08} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-08] (Dropbox, Inc.)
Task: {48D6B7BC-37D7-4FE9-BC02-1E3A798027F3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {4AF333C8-84C2-407B-A2CB-3D67E4863E2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {4BA298E2-A4FB-49F1-8FD2-218DD9EBB7FD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {5ABC7051-4805-4F3B-8CBB-2E77120E865A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {5E4D7C4F-58AF-46A8-A227-1D7481EFF420} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
Task: {5E821E51-F376-4236-9C50-00C52C3678E8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5EDCB214-9D38-4DC6-989B-48DE2DD331B4} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {6805AD40-687D-4AEA-99A5-5847B949D496} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-10] (Advanced Micro Devices, Inc.)
Task: {77A2FB67-FDC8-40A2-85F6-495A1446C08F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-03-16] (Microsoft Corporation)
Task: {7DDDBD0E-FB27-43BA-97EB-27815D96F2D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {8DFECAC8-1A21-4232-B3E8-DF4757CD8905} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {8F3DDBCD-F21B-492E-A7FB-33BD4541EF62} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {9C1688AC-4D9D-477F-A492-0480807D0908} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {A3EB0A08-4C4F-492A-A55A-73CD76E8D3D8} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {A49399AA-57F3-4436-9B47-C111C537D337} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {B7642865-B30E-4501-8157-9D7162F09049} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {BA846478-2357-4682-BA89-A8BAF1310E51} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-01] (McAfee, Inc.)
Task: {BDF55CA6-D49A-4E93-B84E-C92D508C111E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {BF6EE6B0-13E2-4C92-9C8F-36003228A2F6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CEC2820F-EF79-4C4A-96B5-642AC4C48BE5} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {D4A15F75-2EBD-48D5-9847-98ADFD03B89D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {DD1E22DE-1AF0-4899-8FAB-F772BE4DEBD4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {DDE5A63D-E952-4889-B961-32BFF8B8D0E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
Task: {E2CDAB75-51DA-4DF6-AD9D-553AB7D3D6BC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-08] (Dropbox, Inc.)
Task: {F86B1E63-94EE-42E5-BD17-CC35E9062B92} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP BIGGIE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Rabigalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.3.6-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-26 20:05 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 16:57 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 16:57 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 18:15 - 2018-03-16 18:16 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 18:15 - 2018-03-16 18:16 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 18:15 - 2018-03-16 18:16 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 18:15 - 2018-03-16 18:16 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-20 19:49 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-04-20 19:49 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-01-18 09:31 - 2018-01-18 09:31 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPMsgBusDLL.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-03-15 18:52 - 2018-03-15 18:53 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 16:59 - 2018-03-09 16:59 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 18:53 - 2018-02-21 18:53 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-21 18:53 - 2018-02-21 18:53 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-21 18:53 - 2018-02-21 18:53 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 22:09 - 2017-09-25 22:10 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 18:53 - 2018-02-21 18:53 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-03-01 10:25 - 2018-03-01 10:29 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-03-01 10:25 - 2018-03-01 10:29 - 059575808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 12:25 - 2017-10-05 12:26 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-03-01 10:25 - 2018-03-01 10:27 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-13 18:37 - 2017-12-13 18:42 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-02-15 17:05 - 2018-02-15 17:06 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-01 10:25 - 2018-03-01 10:29 - 015986688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-01 10:25 - 2018-03-01 10:27 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-03-01 10:25 - 2018-03-01 10:25 - 003231232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 10:25 - 2018-03-01 10:29 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-01 15:10 - 2018-02-01 15:10 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-01 10:25 - 2018-03-01 10:26 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-15 17:05 - 2018-02-15 17:06 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-01 10:25 - 2018-03-01 10:29 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-01 10:25 - 2018-03-01 10:29 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-03-22 16:40 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-22 16:40 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-02 13:02 - 2014-12-08 03:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 18:28 - 2014-12-08 18:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-21 14:50 - 2017-11-21 14:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2016-10-10 21:16 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267101396-1119176653-3220088351-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A1E4852C-A590-4C21-B474-55D3B190AC2D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{E4C5CA83-A0D4-435F-94A8-ED6B41C6D084}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C544D9E1-60E0-41C7-8AB6-30EB5053AAD7}] => (Allow) C:\Users\Rabigalo\AppData\Local\Temp\7zS7FCD\HP.EasyStart.exe
FirewallRules: [{56E8359E-46F2-440F-B140-A960492EF178}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94254461-7387-447A-8D5F-15EDA8D3D2EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE373133-B914-4EFF-AC31-9B383BE44A51}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{42EA1005-F13E-415D-B967-CB16C9298FA5}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{43CCEBFB-D1B0-483A-91B6-D2DEC1C1E9C0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D2542B10-44C9-45C5-A2F6-D22482A1CC0D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AE0D8746-EC87-4E1B-8824-B6894C224D4E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DDBD06BA-8EB9-4FD5-A59D-6324238B0EEB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{51583130-15AF-4D62-A688-05D73AE8EE3F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9718DA4E-EC5C-4C68-BEEE-313E3F8CB107}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{308A9A98-AD28-4606-B14E-9FBE28D5A0D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B5EF552E-4BBE-4CE6-81DE-C60CB5FC1C55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C89E223-2C3C-47D9-BC65-5E0A2829FC36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{532691C8-AEF3-413D-B8A6-4924CEAD2FFB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{8744A480-DA53-4577-9F0B-12E3BAF9F901}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D2605A48-1861-45F7-B1CE-10DF090BE2BF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F5FE1D98-49F1-4315-99E7-42EB74671879}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{17B0D59E-1E7B-415D-A5FC-A142B08C6018}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{EDE41524-3BE1-411A-A7C8-9E3F89C2EA1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2018 01:23:29 Scheduled Checkpoint
13-03-2018 16:56:05 Windows Update
22-03-2018 22:09:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2018 08:06:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BIGGIE)
Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/24/2018 03:49:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 8.0.168.192.in-addr.arpa. PTR Biggie.local.

Error: (03/24/2018 03:49:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.8:5353 16 8.0.168.192.in-addr.arpa. PTR Biggie-2.local.

Error: (03/24/2018 03:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DropboxOEM.exe, version: 4.1.2.0, time stamp: 0x583f7854
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0xe0434352
Fault offset: 0x001008f2
Faulting process id: 0x23d8
Faulting application start time: 0x01d3c3a8cc4af379
Faulting application path: C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5f42c0ca-4582-4ef6-b9f0-571f23d89fdd
Faulting package full name:
Faulting package-relative application ID:

Error: (03/24/2018 03:48:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DropboxOEM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[])
at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
at System.Xml.XmlTextReaderImpl.ParseText()
at System.Xml.XmlTextReaderImpl.ParseElementContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlTextReader.Read()
at System.Xml.XmlTextReaderImpl.Skip()
at System.Xml.XmlTextReader.Skip()
at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
at System.Configuration.SettingsBase.get_Item(System.String)
at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
at DropboxOEM.Properties.Settings.get_ForegroundProcessPriority()
at DropboxOEM.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at DropboxOEM.App.Main()

Error: (03/24/2018 03:44:03 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (03/24/2018 03:44:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xfd0
Faulting application start time: 0x01d3c3a6dfebf660
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 794f2707-9b56-4dad-9844-a59424aba078
Faulting package full name:
Faulting package-relative application ID:

Error: (03/24/2018 03:43:55 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (03/24/2018 10:39:43 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 08:31:53 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 08:07:37 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 08:06:34 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 08:05:16 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 04:00:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 03:48:17 PM) (Source: DCOM) (EventID: 10016) (User: BIGGIE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BIGGIE\Rabigalo SID (S-1-5-21-3267101396-1119176653-3220088351-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/24/2018 03:45:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-03-24 22:50:50.703
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:50:50.701
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:39:56.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:39:56.485
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:30:27.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:30:27.535
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:24:55.977
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-24 22:24:55.976
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 16275.9 MB
Available physical RAM: 11909.07 MB
Total Virtual: 25404.19 MB
Available Virtual: 20068.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1847.42 GB) (Free:1524.66 GB) NTFS

\\?\Volume{cb73e047-a7b8-4cd1-a759-bfe8d8985e54}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
\\?\Volume{a243fd2e-e45e-477f-8cc1-242a6cac95a5}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{d16e573c-6ecb-4bc8-9d22-046955bb1935}\ (Image) (Fixed) (Total:13.52 GB) (Free:0.62 GB) NTFS
\\?\Volume{ba762963-de33-41fd-ab89-e402a0e3e947}\ (DELLSUPPORT) (Fixed) (Total:1.02 GB) (Free:0.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B1139509)

Partition: GPT.

==================== End of Addition.txt ============================

PU.SW.SlimDrivers: [SBI $51ED3092] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\SlimWare Utilities Inc

PU.SW.SlimDrivers: [SBI $04ECE7C8] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc

PU.SW.SlimDrivers: [SBI $04ECE7C8] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc

CasaleMedia: Tracking cookie (Internet Explorer: Rabigalo) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Internet Explorer: Rabigalo) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Internet Explorer: Rabigalo) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Rabigalo) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Rabigalo) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2018-03-24 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2015-07-31 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-03-21 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2016-11-16 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-11-03 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-03-07 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2017-12-27 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2016-06-22 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2016-06-14 Includes\Malware-004.sbi (*)
2016-06-22 Includes\Malware-005.sbi (*)
2016-01-18 Includes\Malware-006.sbi (*)
2015-10-29 Includes\Malware-007.sbi (*)
2018-03-14 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2018-03-21 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2018-02-26 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2015-02-25 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-01-03 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2017-06-29 Includes\Trojans-000.sbi (*)
2017-05-08 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2017-09-18 Includes\Trojans-003.sbi (*)
2017-04-06 Includes\Trojans-004.sbi (*)
2017-07-19 Includes\Trojans-005.sbi (*)
2016-03-16 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2016-03-09 Includes\Trojans-008.sbi (*)
2017-07-26 Includes\Trojans-009.sbi (*)
2018-03-21 Includes\Trojans-C.sbi (*)
2016-02-02 Includes\Trojans-OG-000.sbi (*)
2016-08-05 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2015-11-09 Includes\Trojans-ZB-000.sbi (*)
2016-04-19 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Juliet
2018-03-25, 16:00
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::


Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKLM-x32 -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKU\S-1-5-21-3267101396-1119176653-3220088351-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR DefaultSearchURL: Default -> hxxps://results.searchlock.com/search/?q={searchTerms}&sr=def-search
CHR DefaultSearchKeyword: Default -> searchlock.com
CHR DefaultSuggestURL: Default -> hxxps://www.searchlock.com/search/suggest?q={searchTerms}
2018-03-23 18:58 - 2018-03-23 18:58 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Rabigalo\AppData\Local\Temp\scp133A.tmp.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {5E821E51-F376-4236-9C50-00C52C3678E8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Shortcut: C:\Users\Rabigalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.3.6-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()
Hosts:
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

created by Aura

Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted RogueKiller clean log
Copy/pasted AdwCleaner clean log

Bigalo
2018-03-25, 21:20
I've completed the tasks. Please see the logs below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Rabigalo (25-03-2018 12:42:21) Run:1
Running from C:\Users\Rabigalo\Desktop
Loaded Profiles: Rabigalo (Available Profiles: Rabigalo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKLM-x32 -> DefaultScope {294B6A7F-85F4-4D70-83D2-22158F594F6E} URL =
SearchScopes: HKU\S-1-5-21-3267101396-1119176653-3220088351-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
CHR DefaultSearchURL: Default -> hxxps://results.searchlock.com/search/?q={searchTerms}&sr=def-search
CHR DefaultSearchKeyword: Default -> searchlock.com
CHR DefaultSuggestURL: Default -> hxxps://www.searchlock.com/search/suggest?q={searchTerms}
2018-03-23 18:58 - 2018-03-23 18:58 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Rabigalo\AppData\Local\Temp\scp133A.tmp.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {5E821E51-F376-4236-9C50-00C52C3678E8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Shortcut: C:\Users\Rabigalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.3.6-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()
Hosts:
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3267101396-1119176653-3220088351-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => removed successfully
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
C:\Users\Rabigalo\AppData\Local\Temp\scp133A.tmp.exe => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E821E51-F376-4236-9C50-00C52C3678E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E821E51-F376-4236-9C50-00C52C3678E8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"C:\Users\Rabigalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.3.6-SafeMode.lnk" => Could not move.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12898274 B
Java, Flash, Steam htmlcache => 4837 B
Windows/system/drivers => 13019527 B
Edge => 588851 B
Chrome => 924956820 B
Firefox => 426671949 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1321477 B
systemprofile32 => 0 B
LocalService => 393651 B
NetworkService => 0 B
Rabigalo => 108278354 B

RecycleBin => 2460 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-03-2018 12:47:08)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 12:47:09 ====

RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Rabigalo [Administrator]
Started from : C:\Users\Rabigalo\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 03/25/2018 13:04:23 (Duration : 00:44:18)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\SlimWare Utilities Inc -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3267101396-1119176653-3220088351-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C544D9E1-60E0-41C7-8AB6-30EB5053AAD7} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Rabigalo\AppData\Local\Temp\7zS7FCD\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\htmlayout.dll -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png -> Deleted
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2018-03-23 18-58-54 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2018-03-23 18-59-14 0.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Messaging\dontshowagain.json -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Messaging\messages.json -> Deleted
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Messaging -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db -> Deleted
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\DriverUpdate -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\Installers\US-131663208509005766.log -> Deleted
[PUP.Gen1][File] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\Installers\US-131663208837108274.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Rabigalo\AppData\Local\SlimWare Utilities Inc\Installers -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] ma5f8kek.default-1473380576373 : user_pref("browser.startup.homepage", "my.earthlink.net/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000LM003 HN-M201RAD +++++
--- User ---
[MBR] e4600811faf04429b417720afce7a8d1
[BSP] 1315138415007e7bf08f7146e47f8007 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 1891759 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3875610624 | Size: 450 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3876532224 | Size: 13841 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3904878592 | Size: 1045 MB
User = LL1 ... OK
User = LL2 ... OK

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 25 18:06:24 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers


***** [ Files ] *****

Deleted: C:\Users\Rabigalo\Downloads\DRIVERUPDATE-SETUP.EXE


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: DriverUpdate Scan


***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\ByteFence\Uninstall.exe


***** [ Firefox (and derivatives) ] *****

SearchProvider deleted: search.heasyspeedtest.co - Search


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1433 B] - [2018/3/25 18:3:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Juliet
2018-03-26, 00:08
http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

Please post this log with an update on how the computer is at the moment.

Bigalo
2018-03-26, 00:32
There appears to be no issues to quarantine after the scan. The log from the scan is as follows:

Emsisoft Emergency Kit - Version 2017.12
Last update: 9/1/2017 9:57:57 PM
User account: BIGGIE\Rabigalo
Computer name: BIGGIE
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 3/25/2018 5:22:28 PM

Scanned 140239
Found 0

Scan end: 3/25/2018 5:28:16 PM
Scan time: 0:05:48

Juliet
2018-03-26, 00:55
All better?

Bigalo
2018-03-26, 00:57
Thank you for your assistance!

Juliet
2018-03-26, 01:04
DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**********

Juliet
2018-03-27, 03:15
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.