[RESOLVED] Zeus Virus Alert

  1. #1
    JLS

    [RESOLVED] Zeus Virus Alert

    I submitted a new thread a few hours ago, but I don't see it posted. Did it go through or do I need to resubmit?

  2. #2
    JLS

    Zeus Virus Alert

    It looks like my first thread didn't get posted. I will post again. I apologize in advance if the first one is found. If that is the case, you can close one of them.

    I was watching a video on YouTube and the YouTuber posted a link below his video. I clicked on it and it opened a new tab window in Firefox that stated "Zeus virus detected in your computer." I attached a screenshot of the tab window that states I was infected with Zeus virus to this thread. It won't allow me to close that tab window and I can't cancel the popup window that asks for a username and password. It has pretty much disabled me from using Firefox at this point. I am using Chrome temporarily. I ran the Avast AV and Malwarebytes programs and they did not detect anything. I think it is a scam, but want to make sure.

    I ran FRST, as instructed. Below is a copy of the FRST and Addition logs. I will have to post them in multiple posts due to the character limitation. Below is part 1.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
    Ran by Dave (administrator) on DESKTOP-3MAKK5S (07-12-2017 02:51:04)
    Running from C:\Users\Dave\Desktop
    Loaded Profiles: Dave (Available Profiles: defaultuser0 & Dave)
    Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\IntelCpHDCPSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\IntelCpHeciSvc.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\McCSPServiceHost.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxEM.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
    (Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_WAVES_SKYLAKE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1480712 2016-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-14] (AVAST Software)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
    HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Run: [f.lux] => C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)

  3. #3
    JLS

    Below is part 3.


    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-14] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-14] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-14] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-14] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-14] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-14] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-14] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-14] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-14] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-14] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-17] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-14] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-14] (AVAST Software)
    R3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [88112 2016-07-13] (ASIX Electronics Corp.)
    R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
    R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77296 2017-09-15] (McAfee LLC)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation)
    R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [235904 2017-10-11] (McAfee, Inc.)
    S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-29] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-07] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492520 2017-09-15] (McAfee LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355304 2017-09-15] (McAfee LLC)
    U3 mfeavfk01; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84024 2017-09-15] (McAfee LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [505328 2017-09-15] (McAfee LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [936936 2017-09-15] (McAfee LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115184 2017-09-15] (McAfee LLC)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252904 2017-09-15] (McAfee LLC)
    S3 mosuport; C:\WINDOWS\System32\drivers\mosuport.sys [371352 2016-08-03] (ASIX Electronics Corporation)
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [796672 2016-12-15] (Realsil Semiconductor Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-07 02:51 - 2017-12-07 02:51 - 000043937 _____ C:\Users\Dave\Desktop\FRST.txt
    2017-12-07 02:50 - 2017-12-07 02:50 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2017-12-07 02:43 - 2017-12-07 02:43 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-12-07 02:34 - 2017-12-07 02:51 - 000000000 ____D C:\FRST
    2017-12-07 02:31 - 2017-12-07 02:31 - 002390528 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
    2017-12-05 03:40 - 2017-12-05 03:40 - 026783176 _____ (Qples Inc) C:\Users\Dave\Downloads\QponPrinter.exe
    2017-11-30 14:17 - 2017-12-07 02:15 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
    2017-11-28 19:50 - 2017-12-06 00:16 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Skype
    2017-11-23 13:37 - 2017-11-23 13:37 - 000000000 ____D C:\Users\Dave\AppData\Local\Hopster
    2017-11-23 13:37 - 2017-11-23 13:37 - 000000000 ____D C:\Program Files (x86)\Digital Coupon Printer
    2017-11-20 18:27 - 2017-11-20 18:27 - 000002292 _____ C:\Users\Public\Desktop\HP Copy (G4010).lnk
    2017-11-20 18:27 - 2017-11-20 18:27 - 000002264 _____ C:\Users\Public\Desktop\HP Scanning (G4010).lnk
    2017-11-20 18:27 - 2017-11-20 18:27 - 000000000 ____D C:\Users\Dave\AppData\Roaming\HpUpdate
    2017-11-20 18:27 - 2017-11-20 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2017-11-20 18:14 - 2017-11-20 18:14 - 000000000 ____D C:\Users\Dave\AppData\Local\DBG
    2017-11-18 17:31 - 2017-11-18 17:31 - 000000000 ____D C:\Program Files (x86)\Valassis
    2017-11-15 19:34 - 2017-11-15 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-11-14 23:18 - 2017-11-14 23:18 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-11-14 23:18 - 2017-11-14 23:18 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2017-11-14 17:21 - 2017-10-25 04:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2017-11-14 17:21 - 2017-10-25 04:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
    2017-11-14 17:21 - 2017-10-25 04:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2017-11-14 17:21 - 2017-10-25 03:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2017-11-14 17:21 - 2017-10-25 03:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2017-11-14 17:21 - 2017-10-25 03:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2017-11-14 17:21 - 2017-10-25 01:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2017-11-14 17:21 - 2017-10-24 23:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
    2017-11-14 17:21 - 2017-10-24 23:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-11-14 17:21 - 2017-10-24 23:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-11-14 17:21 - 2017-10-24 23:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-11-14 17:21 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-11-14 17:21 - 2017-10-24 23:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-11-14 17:21 - 2017-10-24 23:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-11-14 17:21 - 2017-10-24 23:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-11-14 17:21 - 2017-10-24 23:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-11-14 17:21 - 2017-10-24 23:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-11-14 17:21 - 2017-10-24 23:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
    2017-11-14 17:21 - 2017-10-24 23:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2017-11-14 17:21 - 2017-10-24 23:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-11-14 17:21 - 2017-10-24 23:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2017-11-14 17:21 - 2017-10-24 23:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2017-11-14 17:21 - 2017-10-24 23:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2017-11-14 17:21 - 2017-10-24 23:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-11-14 17:21 - 2017-10-24 23:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-11-14 17:21 - 2017-10-24 23:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2017-11-14 17:21 - 2017-10-24 23:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2017-11-14 17:21 - 2017-10-24 23:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2017-11-14 17:21 - 2017-10-24 23:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-11-14 17:21 - 2017-10-24 22:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-11-14 17:21 - 2017-10-24 22:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-11-14 17:21 - 2017-10-24 22:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-11-14 17:21 - 2017-10-24 22:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
    2017-11-14 17:21 - 2017-10-24 22:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-11-14 17:21 - 2017-10-24 22:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-11-14 17:21 - 2017-10-24 22:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
    2017-11-14 17:21 - 2017-10-24 22:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-11-14 17:21 - 2017-10-24 22:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-11-14 17:21 - 2017-10-24 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-11-14 17:21 - 2017-10-24 22:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2017-11-14 17:21 - 2017-10-24 22:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
    2017-11-14 17:21 - 2017-10-24 22:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2017-11-14 17:21 - 2017-10-24 22:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-11-14 17:21 - 2017-10-24 22:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-11-14 17:21 - 2017-10-24 22:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-11-14 17:21 - 2017-10-24 22:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-11-14 17:21 - 2017-10-24 22:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
    2017-11-14 17:21 - 2017-10-24 22:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
    2017-11-14 17:21 - 2017-10-24 22:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2017-11-14 17:21 - 2017-10-24 22:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
    2017-11-14 17:21 - 2017-10-24 22:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2017-11-14 17:21 - 2017-10-24 22:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-11-14 17:21 - 2017-10-24 22:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2017-11-14 17:21 - 2017-10-24 22:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-11-14 17:21 - 2017-10-24 21:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-11-14 17:21 - 2017-10-24 21:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2017-11-14 17:21 - 2017-10-24 21:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-11-14 17:21 - 2017-10-24 21:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-11-14 17:21 - 2017-10-24 21:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
    2017-11-14 17:21 - 2017-10-21 07:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2017-11-14 17:21 - 2017-10-20 09:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2017-11-14 17:21 - 2017-10-20 00:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

    ==================== One Month Modified files and folders ========

  4. #4
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    Below is part 4.


    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-13 22:11 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2017-11-13 22:11 - 2017-02-23 22:37 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
    2017-11-13 22:11 - 2017-02-23 22:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-11-13 22:11 - 2017-02-15 16:16 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2017-11-13 22:11 - 2017-02-15 16:15 - 000000000 ____D C:\WINDOWS\system32\RTCOM
    2017-11-13 22:11 - 2017-02-15 16:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2017-11-13 08:17 - 2017-04-04 07:50 - 000000000 ____D C:\Users\Dave\AppData\Local\Adobe


    Some files in TEMP:
    ====================
    2017-12-05 03:13 - 2017-12-05 03:40 - 000035680 _____ () C:\Users\Dave\AppData\Local\Temp\i4jdel0.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-12-04 11:20

    ==================== End of FRST.txt ============================

  5. #5
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    Below is the Addition log.



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
    Ran by Dave (07-12-2017 02:51:41)
    Running from C:\Users\Dave\Desktop
    Windows 10 Pro Version 1709 16299.64 (X64) (2017-11-14 03:17:47)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3039573215-2171798340-3334401019-500 - Administrator - Disabled)
    Dave (S-1-5-21-3039573215-2171798340-3334401019-1001 - Administrator - Enabled) => C:\Users\Dave
    DefaultAccount (S-1-5-21-3039573215-2171798340-3334401019-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-3039573215-2171798340-3334401019-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-3039573215-2171798340-3334401019-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3039573215-2171798340-3334401019-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
    Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
    BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Canon L190/L410 Series (HKLM\...\{17A79A83-B95B-4ecf-99CE-BE1C0139D3A4}) (Version: 4.1.0.1 - CANON INC.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
    Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
    Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
    Dell SupportAssist Remediation (HKLM\...\{0E90A990-44A8-4C9C-9CA3-C68CA577419B}) (Version: 2.0.2.1835 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{cc46e7bd-06f4-45e0-8b67-3ccaca1e4755}) (Version: 2.0.2.1835 - Dell Inc.)
    Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
    Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
    Destinations (HKLM-x32\...\{D0DFDFA8-1C04-407B-9CB2-A25AB20DD54D}) (Version: 140.0.0.0 - Hewlett-Packard) Hidden
    Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
    DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
    Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
    f.lux (HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Flux) (Version: - f.lux Software LLC)
    FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
    H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
    HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
    HP Scanjet G4010 (HKLM\...\{7723DE29-7966-4C5E-B909-A469CAF94DE4}) (Version: 14.5 - HP)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    hpg4010 (HKLM-x32\...\{198AC578-D06A-4426-8768-68ABA3713C8E}) (Version: 140.000.000.000 - Hewlett-Packard) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation)
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Killer Bandwidth Control Filter Driver (HKLM\...\{A35733B2-A7FD-4FA9-BCB7-3DC27DC9D23D}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    Killer Network Manager (HKLM\...\{45076194-FF5E-4ACF-B499-39CA7A7EDCD8}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    Killer Wireless Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.64.1312 - Rivet Networks)
    Killer Wireless-AC Drivers (HKLM\...\{B9888CC1-5613-4DFD-A413-1AC193D7FEB8}) (Version: 1.1.64.1312 - Rivet Networks) Hidden
    LibreOffice 5.3.0.3 (HKLM-x32\...\{BB258465-D7F3-474E-8754-3436A75956D8}) (Version: 5.3.0.3 - The Document Foundation)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.5 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
    OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
    P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd)
    PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.4353 - Kakao Corp.)
    PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax)
    Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
    QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
    Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.16.321.2017 - Realtek)
    Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Scan (HKLM-x32\...\{A9CC8D58-397F-4241-86C7-5463274E9B08}) (Version: 14.0.1.0 - Hewlett-Packard) Hidden
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
    Thunderbolt(TM) Software (HKLM-x32\...\{10877131-EC3F-4F2F-97CD-2B8341D461D7}) (Version: 16.2.55.275 - Intel Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxDTCM.dll [2017-05-31] (Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-14] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-11-02] (McAfee, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {11ECC96D-AAA0-45B0-8048-17F2214CD328} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-13] (Adobe Systems Incorporated)
    Task: {19E68DC4-D7D7-43E8-83BF-21638E2B78C2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
    Task: {1FC74C1D-780E-421B-986D-B2D0153EE94B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM)
    Task: {224EBE27-E06F-43B2-BEFB-5F3B606A8FEB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {32FFFE10-1362-4D3F-B3FA-B845DB183FCC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {3971CEF9-AF00-4718-832B-F2C4B3FFF607} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {3A28C865-C729-4C3A-8302-4F8512CAEF0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
    Task: {493CBE5A-F479-4078-B908-6B812027EDF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
    Task: {4C4DA8C4-D326-4E91-A335-376C5035FFDB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-14] (AVAST Software)
    Task: {5562B38C-C7F4-485F-A4AA-B375D621D00F} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2017-08-10] (Tracker Software Products (Canada) Ltd.)
    Task: {62205446-4BA8-4681-A983-B14F2875CE79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
    Task: {630B19F8-1E7D-456C-91C6-58A8953C424A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
    Task: {6312A992-D502-4EA6-A22C-5317A3B0453D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {63561092-AFF4-43FD-A957-91899D263798} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {77A13AA0-E80A-4169-B2E9-A456E8BCBFFF} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-10-05] (McAfee, Inc.)
    Task: {796BBF41-E9DE-4323-981E-656602D52BA8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
    Task: {7F7AF50C-C544-40E9-94C5-A943A6B2BDF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
    Task: {8A002657-A710-4E9E-84CE-0A454A02F7CE} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.4.222\mcdatrep.exe [2017-11-30] (McAfee, LLC.)
    Task: {8A243D42-7AE0-4DA1-B1E2-DFA486C01320} - System32\Tasks\SafeZone scheduled Autoupdate 1487834999 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {8E9DB208-4CD0-4CB2-9F1A-7842B54C1DDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-31] ()
    Task: {8EFF5429-15AB-44F6-BD98-2BF877EE6947} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
    Task: {9D37D0DA-DFE9-4AE7-937B-10C4A141DDAA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A374742D-EC83-4A14-BA99-53798A288202} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
    Task: {A4C9480F-6BD0-4957-A52B-0086ECCD92F7} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {A537F8FA-1E88-4AE8-87BB-29B873688818} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
    Task: {BB5E4F03-F92F-4E3E-B81F-3E716797BB5A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {C06A874E-115C-4888-83A9-330CE74917AE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {C4C62BFB-326D-4033-AA9A-BF681A6F5B76} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {C6ED068D-E970-43D0-92FB-1AA1D77F454B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-31] ()
    Task: {C74C2309-6C8F-4CF0-AC1E-BCD5B7F64D0B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-07] (AVAST Software)
    Task: {D3934809-4007-4EFD-AF84-092B780BB178} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-23] (Realtek Semiconductor)
    Task: {D814D8D3-646D-4ED9-99B3-329137840086} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
    Task: {DC2CB4FB-BB27-42EF-9BBE-A6B3949A1C0E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {DC65CBAD-6284-4BCD-8028-775FB202D710} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
    Task: {E239EE8A-CCEF-4925-9CBC-A1117EF9A3DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {F021D4E8-EFA6-4C82-9190-D94AAF52E347} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
    Task: {F9CEB8AC-5733-4FEC-8F99-D79D22B0723A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-09-11] (McAfee, Inc.)
    Task: {FD443151-DD26-46E7-9994-64C4DE17271B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-15 05:15 - 2017-11-02 15:00 - 001173968 _____ () C:\Program Files\McAfee\MSC\CSPEnrollmentHandler.dll
    2017-11-15 05:15 - 2017-11-02 15:00 - 001191040 _____ () C:\Program Files\McAfee\MSC\CultureChangeHandler.dll
    2017-11-15 05:15 - 2017-11-02 15:00 - 002277760 _____ () C:\Program Files\McAfee\MSC\CultureLookUpHandler.dll
    2017-11-13 07:48 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-07-11 13:05 - 2017-11-15 09:44 - 000587256 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
    2017-07-11 13:05 - 2017-11-15 09:44 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-09-29 08:42 - 2017-09-29 09:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-09-29 08:42 - 2017-09-29 09:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-04-30 13:43 - 2015-04-30 13:43 - 000090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
    2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
    2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
    2016-08-30 03:19 - 2016-08-30 03:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-03 12:26 - 2017-07-03 12:26 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-11-14 23:18 - 2017-11-14 23:18 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\Control Panel\Desktop\\Wallpaper -> C:\A Copied Files From WD My Book External Drive\Desktop Pics\Nice house at night with palm trees and blue sky (pro football player house).jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "RtHDVBg_WAVES_SKYLAKE"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "f.lux"
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D6A527BA-2DCE-4E1D-A2EB-67319E66E27B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B063EAF2-D785-4213-A91F-1D07896539E8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{E813BEBC-AE0A-4DB4-A1D4-E053404EF8D3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{104EFE3C-7197-4C03-A8E6-16FBCECF8020}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{99C6FFB0-5BC0-4DB7-86C2-42860C2ADE6A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{C5B98B18-511F-449F-8E9A-DB7278E57715}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{18359C96-DFE0-4070-B4FB-0546DC14835E}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
    FirewallRules: [{3BED4902-6719-4505-B1E3-AD7FEEDE11BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D1ACD028-6508-4860-BF3E-257E94402C45}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{E048585C-92DC-4DD6-94CB-6E0CABF77639}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{019D1D77-DA2B-41E8-92C6-0CCC58AD2D60}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{55BC13B1-5DC7-48E2-922A-37D4E4E9CECE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6A49D0F4-FD52-436E-8D99-A3832F740EEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{510EC67F-9789-4B39-AE03-81520775360D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{AB1ACD5E-BB1B-45BC-8A8C-93618F3135DC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{1621782E-8426-4396-A787-702A0DB62ECD}] => (Allow) LPort=15600

    ==================== Restore Points =========================

    01-12-2017 10:09:14 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/05/2017 01:53:47 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [18] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#

    Error: (12/05/2017 01:53:47 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [18] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (12/05/2017 01:53:47 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [18] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (12/02/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [13] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#

    Error: (12/02/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [13] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (12/02/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [13] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (11/29/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [15] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#

    Error: (11/29/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [15] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (11/29/2017 11:49:00 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [15] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

    Error: (11/26/2017 08:47:42 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
    Description: [17] ERROR- Will skip not supported update! DLL:2.0.2.1835, Manifest:3.1.1.3832 #StackInfo#


    System errors:
    =============
    Error: (12/07/2017 02:47:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2017 02:42:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 34%
    Total physical RAM: 8079.94 MB
    Available physical RAM: 5309.38 MB
    Total Virtual: 11791.94 MB
    Available Virtual: 8827.6 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:226.93 GB) (Free:152.83 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 2DA2EF21)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  6. #6
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    Below is part 2 of the logs.


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b9a19b69-a734-48db-98b2-917756a1b192}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f2eb771a-d182-42e8-8572-06bbba317f1e}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001 -> DefaultScope {AA46FD43-3E7C-46E4-BE54-10D29E1670CF} URL =
    SearchScopes: HKU\S-1-5-21-3039573215-2171798340-3334401019-1001 -> {AA46FD43-3E7C-46E4-BE54-10D29E1670CF} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-30] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-11-02] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-11-02] (McAfee, Inc.)

    FireFox:
    ========
    FF DefaultProfile: n9jpby9j.default
    FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n9jpby9j.default [2017-12-07]
    FF Homepage: Mozilla\Firefox\Profiles\n9jpby9j.default
    hxxps://mail.google.com/mail/#inbox
    FF Extension: (Avast SafePrice) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n9jpby9j.default\Extensions\sp@avast.com.xpi [2017-12-05]
    FF Extension: (uBlock Origin) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n9jpby9j.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-29]
    FF Extension: (Avast Online Security) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n9jpby9j.default\Extensions\wrc@avast.com.xpi [2017-10-10]
    FF Extension: (Video DownloadHelper) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n9jpby9j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-14]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-09-30]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Lagacy]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-02-23] [Lagacy] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-11-15] [Lagacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-13] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-13] ()
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-11-02] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2017-12-07]
    CHR Extension: (Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
    CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
    CHR Extension: (uBlock Origin) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-04]
    CHR Extension: (Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-22]
    CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
    CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-14] (AVAST Software)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows (R) Win 7 DDK provider)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-14] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
    R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
    R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [121376 2016-11-28] (Dell)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
    R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-06] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
    R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-09-22] (Rivet Networks)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728296 2017-10-24] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe [2145496 2017-09-27] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee LLC)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-14] (McAfee LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1622856 2017-10-24] (McAfee, Inc.)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-23] (Realtek Semiconductor)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
    S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2018024 2016-11-16] (Intel Corporation)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
    S2 0180571511421072mcinstcleanup; C:\WINDOWS\TEMP\018057~1.EXE -cleanup -nolog [X]

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  8. #8
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    Hi, Broni. I just want to start out thanking you in advance for your help. It is greatly appreciated.

    Below is a copy of the RogueKiller report.

    RogueKiller V12.11.27.0 (x64) [Dec 4 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : Dave [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 12/07/2017 23:51:55 (Duration : 00:21:00)
    Switches : -refid

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 5 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0180571511421072mcinstcleanup (C:\WINDOWS\TEMP\018057~1.EXE -cleanup -nolog) -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3039573215-2171798340-3334401019-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 2 ¤¤¤
    [PUP.Gen1][Folder] C:\Program Files (x86)\Digital Coupon Printer -> Removed at reboot [91]
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\about.txt -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\libgcc_s_sjlj-1.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\libstdc++-6.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\libwinpthread-1.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Digital Coupon Printer\wkhtmltoimage.exe -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\PrintMyCouponAnywhere -> Removed at reboot [91]
    [PUP.Gen1][File] C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe -> ERROR [5]

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][Firefox:Config] n9jpby9j.default : user_pref("browser.startup.homepage", "https://mail.google.com/mail/#inbox"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: NVMe THNSN5256GPUK NV +++++
    --- User ---
    [MBR] 1ff6f87374ed29cda0257c44ac6052cb
    [BSP] 9526c57b04bfb6b9f7a7cd94413d5d65 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 1288192 | Size: 232372 MB
    3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 477186048 | Size: 450 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 478107648 | Size: 9640 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 497852416 | Size: 1106 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!



    Below is a copy of the Malwarebytes report.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/8/17
    Scan Time: 12:44 AM
    Log File: de077064-dbda-11e7-a7a6-9cb6d0d7cdb8.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3442
    License: Free

    -System Information-
    OS: Windows 10 (Build 16299.64)
    CPU: x64
    File System: NTFS
    User: DESKTOP-3MAKK5S\Dave

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 320412
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 1 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)



    I downloaded AdwCleaner. When I went to run the scan, it began for a few seconds and then my Avast AV program moved it to the virus chest. I opened Avast and clicked to restore AdwCleaner in the chest and it moved it back to my desktop folder. I attempted again to run the scan with the same results, as just stated. How should I proceed? Should I disable Avast AV, so I can run the AdwCleaner scan?

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Yes, disable Avast momentarily.

  10. #10
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    Broni, I attempted to run AdwCleaner. First, it updated the software, then scanned folders, then files, then registry, and then scanned Firefox. During the scanning of Firefox, I received a popup message that stated "AdwCleaner stopped working - a problem caused the program to stop working correctly. Windows will close the program and will notify you if a solution is available." I tried twice with the same results.

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.


    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  12. #12
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    FRST log below part 1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2017
    Ran by Dave (administrator) on DESKTOP-3MAKK5S (09-12-2017 13:48:04)
    Running from C:\Users\Dave\Desktop
    Loaded Profiles: Dave (Available Profiles: defaultuser0 & Dave)
    Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\IntelCpHDCPSvc.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (McAfee LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
    (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\McCSPServiceHost.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122459.inf_amd64_e5494748d53088c1\igfxEM.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_WAVES_SKYLAKE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1480712 2016-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-14] (AVAST Software)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
    HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] ()
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
    HKU\S-1-5-21-3039573215-2171798340-3334401019-1001\...\Run: [f.lux] => C:\Users\Dave\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)

  13. #13
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    FRST log part 3


    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-09 13:48 - 2017-12-09 13:48 - 000043833 _____ C:\Users\Dave\Desktop\FRST.txt
    2017-12-09 13:47 - 2017-12-09 13:47 - 000000000 ____D C:\Users\Dave\Desktop\FRST-OlderVersion
    2017-12-09 13:08 - 2017-12-09 13:13 - 000000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
    2017-12-09 13:06 - 2017-12-09 13:06 - 008172032 _____ (Malwarebytes) C:\Users\Dave\Desktop\AdwCleaner.exe
    2017-12-08 00:50 - 2017-12-08 00:50 - 000000000 ___HD C:\$AV_ASW
    2017-12-08 00:49 - 2017-12-09 13:12 - 000000000 ____D C:\AdwCleaner
    2017-12-08 00:47 - 2017-12-08 00:47 - 000001242 _____ C:\Users\Dave\Desktop\Malwarebytes Report.txt
    2017-12-08 00:43 - 2017-12-08 00:43 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2017-12-08 00:43 - 2017-12-08 00:43 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-12-08 00:43 - 2017-12-08 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-12-08 00:43 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-12-08 00:40 - 2017-12-08 00:40 - 083316440 _____ (Malwarebytes ) C:\Users\Dave\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
    2017-12-08 00:22 - 2017-12-08 00:22 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-12-08 00:20 - 2017-12-08 00:20 - 000021837 _____ C:\Users\Dave\Desktop\rk_E839 ditto.txt
    2017-12-08 00:19 - 2017-12-08 00:36 - 000003360 _____ C:\Users\Dave\Desktop\rk_E839.txt
    2017-12-07 23:51 - 2017-12-07 23:51 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-12-07 23:50 - 2017-12-07 23:50 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-12-07 23:50 - 2017-12-07 23:50 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-12-07 23:50 - 2017-12-07 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-12-07 23:50 - 2017-12-07 23:50 - 000000000 ____D C:\Program Files\RogueKiller
    2017-12-07 23:47 - 2017-12-07 23:47 - 036195904 _____ (Adlice Software ) C:\Users\Dave\Desktop\RogueKiller_setup_ref3.exe
    2017-12-07 18:48 - 2017-12-07 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-12-07 02:51 - 2017-12-07 03:23 - 000077722 _____ C:\Users\Dave\Desktop\FRST day 1.txt
    2017-12-07 02:51 - 2017-12-07 02:51 - 000097660 _____ C:\Users\Dave\Desktop\FRST2 day 1.txt
    2017-12-07 02:51 - 2017-12-07 02:51 - 000042919 _____ C:\Users\Dave\Desktop\Addition.txt
    2017-12-07 02:50 - 2017-12-07 02:50 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2017-12-07 02:34 - 2017-12-09 13:48 - 000000000 ____D C:\FRST
    2017-12-07 02:31 - 2017-12-09 13:47 - 002390528 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
    2017-12-07 02:31 - 2017-12-07 02:32 - 000000000 ____D C:\A
    2017-12-05 03:40 - 2017-12-05 03:40 - 026783176 _____ (Qples Inc) C:\Users\Dave\Downloads\QponPrinter.exe
    2017-12-04 20:06 - 2017-12-04 20:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2017-12-04 20:06 - 2017-12-04 20:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-12-04 20:06 - 2017-12-04 20:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2017-11-28 19:50 - 2017-12-06 00:16 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Skype
    2017-11-23 13:37 - 2017-12-08 00:16 - 000000000 ____D C:\Program Files (x86)\Digital Coupon Printer
    2017-11-23 13:37 - 2017-11-23 13:37 - 000000000 ____D C:\Users\Dave\AppData\Local\Hopster
    2017-11-20 18:27 - 2017-11-20 18:27 - 000002292 _____ C:\Users\Public\Desktop\HP Copy (G4010).lnk
    2017-11-20 18:27 - 2017-11-20 18:27 - 000002264 _____ C:\Users\Public\Desktop\HP Scanning (G4010).lnk
    2017-11-20 18:27 - 2017-11-20 18:27 - 000000000 ____D C:\Users\Dave\AppData\Roaming\HpUpdate
    2017-11-20 18:27 - 2017-11-20 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2017-11-20 18:14 - 2017-11-20 18:14 - 000000000 ____D C:\Users\Dave\AppData\Local\DBG
    2017-11-18 17:31 - 2017-11-18 17:31 - 000000000 ____D C:\Program Files (x86)\Valassis
    2017-11-14 23:18 - 2017-11-14 23:18 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-11-14 23:18 - 2017-11-14 23:18 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2017-11-14 17:21 - 2017-10-25 04:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2017-11-14 17:21 - 2017-10-25 04:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
    2017-11-14 17:21 - 2017-10-25 04:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2017-11-14 17:21 - 2017-10-25 03:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2017-11-14 17:21 - 2017-10-25 03:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2017-11-14 17:21 - 2017-10-25 03:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2017-11-14 17:21 - 2017-10-25 01:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2017-11-14 17:21 - 2017-10-24 23:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
    2017-11-14 17:21 - 2017-10-24 23:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-11-14 17:21 - 2017-10-24 23:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-11-14 17:21 - 2017-10-24 23:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2017-11-14 17:21 - 2017-10-24 23:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-11-14 17:21 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-11-14 17:21 - 2017-10-24 23:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-11-14 17:21 - 2017-10-24 23:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-11-14 17:21 - 2017-10-24 23:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-11-14 17:21 - 2017-10-24 23:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-11-14 17:21 - 2017-10-24 23:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-11-14 17:21 - 2017-10-24 23:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
    2017-11-14 17:21 - 2017-10-24 23:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2017-11-14 17:21 - 2017-10-24 23:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-11-14 17:21 - 2017-10-24 23:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2017-11-14 17:21 - 2017-10-24 23:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2017-11-14 17:21 - 2017-10-24 23:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2017-11-14 17:21 - 2017-10-24 23:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-11-14 17:21 - 2017-10-24 23:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-11-14 17:21 - 2017-10-24 23:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2017-11-14 17:21 - 2017-10-24 23:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-11-14 17:21 - 2017-10-24 23:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2017-11-14 17:21 - 2017-10-24 23:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2017-11-14 17:21 - 2017-10-24 23:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-11-14 17:21 - 2017-10-24 22:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-11-14 17:21 - 2017-10-24 22:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-11-14 17:21 - 2017-10-24 22:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-11-14 17:21 - 2017-10-24 22:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-11-14 17:21 - 2017-10-24 22:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
    2017-11-14 17:21 - 2017-10-24 22:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-11-14 17:21 - 2017-10-24 22:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-11-14 17:21 - 2017-10-24 22:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-11-14 17:21 - 2017-10-24 22:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
    2017-11-14 17:21 - 2017-10-24 22:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2017-11-14 17:21 - 2017-10-24 22:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2017-11-14 17:21 - 2017-10-24 22:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-11-14 17:21 - 2017-10-24 22:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-11-14 17:21 - 2017-10-24 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-11-14 17:21 - 2017-10-24 22:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2017-11-14 17:21 - 2017-10-24 22:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
    2017-11-14 17:21 - 2017-10-24 22:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2017-11-14 17:21 - 2017-10-24 22:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-11-14 17:21 - 2017-10-24 22:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-11-14 17:21 - 2017-10-24 22:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-11-14 17:21 - 2017-10-24 22:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-11-14 17:21 - 2017-10-24 22:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-11-14 17:21 - 2017-10-24 22:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2017-11-14 17:21 - 2017-10-24 22:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-11-14 17:21 - 2017-10-24 22:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2017-11-14 17:21 - 2017-10-24 22:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2017-11-14 17:21 - 2017-10-24 22:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
    2017-11-14 17:21 - 2017-10-24 22:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-11-14 17:21 - 2017-10-24 22:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
    2017-11-14 17:21 - 2017-10-24 22:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2017-11-14 17:21 - 2017-10-24 22:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
    2017-11-14 17:21 - 2017-10-24 22:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2017-11-14 17:21 - 2017-10-24 22:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-11-14 17:21 - 2017-10-24 22:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2017-11-14 17:21 - 2017-10-24 22:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-11-14 17:21 - 2017-10-24 21:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-11-14 17:21 - 2017-10-24 21:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2017-11-14 17:21 - 2017-10-24 21:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2017-11-14 17:21 - 2017-10-24 21:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-11-14 17:21 - 2017-10-24 21:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-11-14 17:21 - 2017-10-24 21:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
    2017-11-14 17:21 - 2017-10-21 07:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2017-11-14 17:21 - 2017-10-20 09:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2017-11-14 17:21 - 2017-10-20 00:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2017-11-14 03:44 - 2017-11-14 03:44 - 000505768 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencbdc.sys
    2017-11-14 03:44 - 2017-11-14 03:44 - 000108456 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencrk.sys
    2017-11-14 03:44 - 2017-11-14 03:44 - 000031144 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfeclnrk.sys
    2017-11-14 01:07 - 2017-11-14 01:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2017-11-14 01:06 - 2017-11-14 01:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2017-11-14 01:06 - 2017-11-14 01:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2017-11-14 01:05 - 2017-11-14 01:05 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-11-14 01:05 - 2017-11-14 01:05 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-11-14 01:05 - 2017-11-14 01:05 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-11-14 01:05 - 2017-11-14 01:05 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-11-14 01:05 - 2017-11-14 01:05 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-11-14 01:05 - 2017-11-14 01:05 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
    2017-11-14 01:05 - 2017-11-14 01:05 - 000000000 ____D C:\WINDOWS\containers
    2017-11-14 01:04 - 2017-11-14 01:04 - 000000000 ____D C:\Program Files\Reference Assemblies
    2017-11-14 01:04 - 2017-11-14 01:04 - 000000000 ____D C:\Program Files\MSBuild
    2017-11-14 01:04 - 2017-11-14 01:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-11-14 01:04 - 2017-11-14 01:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2017-11-14 01:03 - 2017-11-14 01:07 - 000000000 ____D C:\WINDOWS\system32\Intel
    2017-11-14 01:03 - 2017-11-14 01:03 - 000000000 ____D C:\WINDOWS\system32\cAVS
    2017-11-14 01:03 - 2017-09-28 18:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2017-11-14 01:03 - 2017-09-28 18:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-11-14 01:03 - 2017-09-28 18:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2017-11-14 01:03 - 2017-09-22 21:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2017-11-14 01:03 - 2017-09-22 21:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-11-14 01:03 - 2017-09-22 21:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2017-11-13 22:21 - 2017-12-08 09:25 - 001036452 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-11-13 22:19 - 2017-11-13 22:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-11-13 22:18 - 2017-11-13 22:18 - 000000000 ___RD C:\Users\Dave\3D Objects
    2017-11-13 22:18 - 2017-11-13 22:18 - 000000000 ___HD C:\Users\Dave\MicrosoftEdgeBackups
    2017-11-13 22:18 - 2017-11-13 22:18 - 000000000 ____D C:\ProgramData\USOShared
    2017-11-13 22:17 - 2017-11-13 22:17 - 000000020 ___SH C:\Users\Dave\ntuser.ini
    2017-11-13 22:16 - 2017-11-13 22:16 - 000011433 _____ C:\WINDOWS\diagwrn.xml
    2017-11-13 22:16 - 2017-11-13 22:16 - 000011433 _____ C:\WINDOWS\diagerr.xml
    2017-11-13 22:15 - 2017-12-08 00:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-11-13 22:15 - 2017-12-07 02:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2017-11-13 22:15 - 2017-12-06 10:41 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-11-13 22:15 - 2017-12-06 10:41 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-11-13 22:15 - 2017-12-06 10:41 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-11-13 22:15 - 2017-12-06 10:41 - 000002886 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2017-11-13 22:15 - 2017-12-06 10:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3039573215-2171798340-3334401019-1001
    2017-11-13 22:15 - 2017-12-06 10:41 - 000002470 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2017-11-13 22:15 - 2017-12-06 10:41 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2017-11-13 22:15 - 2017-12-05 04:19 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-11-13 22:15 - 2017-11-15 05:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2017-11-13 22:15 - 2017-11-13 22:15 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003874 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003430 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1487834999
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003314 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003284 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003250 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003178 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003162 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003056 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
    2017-11-13 22:15 - 2017-11-13 22:15 - 000003044 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
    2017-11-13 22:15 - 2017-11-13 22:15 - 000002942 _____ C:\WINDOWS\System32\Tasks\TrackerAutoUpdate
    2017-11-13 22:15 - 2017-11-13 22:15 - 000002446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2017-11-13 22:15 - 2017-11-13 22:15 - 000002378 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
    2017-11-13 22:15 - 2017-11-13 22:15 - 000002364 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
    2017-11-13 22:15 - 2017-11-13 22:15 - 000002120 _____ C:\WINDOWS\System32\Tasks\Dell Cleanup
    2017-11-13 22:15 - 2017-11-13 22:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
    2017-11-13 22:12 - 2017-11-14 17:23 - 000000000 ____D C:\Users\Dave\AppData\Local\Packages
    2017-11-13 22:12 - 2017-11-13 22:12 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-11-13 22:12 - 2017-11-13 22:12 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
    2017-11-13 22:11 - 2017-11-13 22:18 - 000000000 ____D C:\Users\Dave
    2017-11-13 22:11 - 2017-11-13 22:15 - 000000000 ____D C:\Users\defaultuser0
    2017-11-13 22:11 - 2017-11-13 22:11 - 000000000 ____D C:\Program Files\Waves
    2017-11-13 22:11 - 2017-11-13 22:11 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-11-13 22:11 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-11-13 22:11 - 2017-05-31 01:25 - 000113640 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2017-11-13 22:11 - 2016-11-22 19:23 - 000271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-11-13 22:11 - 2016-11-22 19:23 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-11-13 22:11 - 2016-11-22 19:22 - 000265504 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-11-13 22:11 - 2016-11-22 19:22 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-11-13 22:10 - 2017-12-09 01:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-11-13 22:10 - 2017-11-14 23:06 - 000346424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-11-13 07:48 - 2017-11-13 07:48 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-11-13 06:37 - 2017-12-09 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

  14. #14
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    FRST log part 4

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-09 10:53 - 2017-02-22 16:44 - 000000000 __SHD C:\Users\Dave\IntelGraphicsProfiles
    2017-12-09 01:55 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
    2017-12-08 21:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2017-12-08 21:39 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-12-08 21:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-12-08 13:29 - 2017-02-22 17:17 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
    2017-12-08 12:19 - 2017-02-22 16:45 - 000000000 ____D C:\Users\Dave\Dropbox
    2017-12-08 00:43 - 2017-03-01 00:05 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-12-08 00:21 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2017-12-08 00:15 - 2017-02-22 17:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-12-08 00:13 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-12-07 18:48 - 2017-02-15 16:19 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2017-12-05 03:40 - 2017-09-03 12:41 - 000001773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2.lnk
    2017-12-05 03:40 - 2017-09-03 12:41 - 000001745 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QponPrinterV2 Uninstaller.lnk
    2017-12-01 04:14 - 2017-07-11 22:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-11-30 13:06 - 2017-02-23 01:57 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2017-11-30 07:21 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-11-30 07:20 - 2017-01-16 13:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-11-28 19:48 - 2017-02-22 16:46 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Skype_old
    2017-11-25 03:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-11-23 02:11 - 2017-02-15 16:19 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2017-11-22 00:29 - 2017-02-22 17:01 - 000000000 ____D C:\Users\Dave\AppData\Local\Comms
    2017-11-20 18:27 - 2017-02-22 17:48 - 000000000 ____D C:\Program Files (x86)\HP
    2017-11-20 18:27 - 2017-02-22 17:46 - 000000000 ____D C:\ProgramData\HP
    2017-11-19 04:22 - 2017-11-08 13:26 - 000000000 ___DC C:\WINDOWS\Panther
    2017-11-19 04:21 - 2017-04-22 20:47 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-11-17 12:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
    2017-11-17 11:18 - 2017-02-23 02:28 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-11-15 05:14 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2017-11-14 23:21 - 2017-02-22 17:17 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-11-14 23:21 - 2017-02-22 17:17 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Mozilla
    2017-11-14 23:18 - 2017-06-07 05:14 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-11-14 23:18 - 2017-02-23 02:28 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-11-14 23:05 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-11-14 23:05 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
    2017-11-14 17:34 - 2017-11-02 10:37 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-11-14 17:23 - 2017-11-02 10:37 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-11-14 17:23 - 2017-11-02 10:37 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-11-14 06:40 - 2017-02-23 01:53 - 000000000 ____D C:\ProgramData\Skype
    2017-11-14 06:23 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
    2017-11-14 01:09 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2017-11-14 01:08 - 2017-11-01 18:08 - 000000000 ____D C:\Program Files\UNP
    2017-11-14 01:08 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
    2017-11-14 01:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-11-14 01:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
    2017-11-14 01:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-11-14 01:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-11-14 01:08 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-11-14 01:08 - 2017-09-29 03:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
    2017-11-14 01:08 - 2017-09-18 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2017-11-14 01:08 - 2017-03-22 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2016
    2017-11-14 01:08 - 2017-03-01 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-11-14 01:08 - 2017-03-01 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    2017-11-14 01:08 - 2017-02-28 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
    2017-11-14 01:08 - 2017-02-23 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
    2017-11-14 01:08 - 2017-02-23 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-11-14 01:08 - 2017-02-22 19:01 - 000000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
    2017-11-14 01:08 - 2017-02-22 17:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dell
    2017-11-14 01:08 - 2017-02-15 16:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2017-11-14 01:08 - 2017-02-15 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt(TM) Software
    2017-11-14 01:08 - 2017-02-15 16:15 - 000000000 ____D C:\Program Files\Intel
    2017-11-14 01:08 - 2017-02-15 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oem
    2017-11-14 01:08 - 2017-02-15 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2017-11-14 01:08 - 2017-01-16 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2017-11-14 01:08 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-11-14 01:08 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2017-11-14 01:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-11-14 01:07 - 2017-03-01 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
    2017-11-14 01:07 - 2017-02-23 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2017-11-14 01:07 - 2017-02-22 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
    2017-11-14 01:07 - 2017-02-15 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
    2017-11-14 01:07 - 2017-02-15 16:14 - 000000000 ____D C:\Program Files\Realtek
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
    2017-11-14 01:05 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2017-11-13 22:21 - 2017-02-22 16:46 - 000002366 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-11-13 22:21 - 2017-02-22 16:46 - 000000000 ___RD C:\Users\Dave\OneDrive
    2017-11-13 22:18 - 2017-02-22 16:44 - 000000000 ____D C:\Users\Dave\AppData\Local\TileDataLayer
    2017-11-13 22:18 - 2017-01-16 14:25 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-11-13 22:17 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2017-11-13 22:17 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
    2017-11-13 22:16 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
    2017-11-13 22:16 - 2017-02-22 17:11 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-11-13 22:15 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
    2017-11-13 22:12 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-11-13 22:11 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2017-11-13 22:11 - 2017-02-23 22:37 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
    2017-11-13 22:11 - 2017-02-23 22:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-11-13 22:11 - 2017-02-15 16:16 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2017-11-13 22:11 - 2017-02-15 16:15 - 000000000 ____D C:\WINDOWS\system32\RTCOM
    2017-11-13 22:11 - 2017-02-15 16:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2017-11-13 08:17 - 2017-04-04 07:50 - 000000000 ____D C:\Users\Dave\AppData\Local\Adobe

  15. #15
    JLS is offline Virtual PC Specialist!!!
    Join Date
    Apr 2002
    Posts
    3,708
    FRST log part 5


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-12-04 11:20

    ==================== End of FRST.txt ============================
