
Computer Infected - Please Help



#1
UneekOne


Hi, my PC has become infected. I am constantly getting pop-up ads, additional tabs and also my search box is disabled and my start button doesn't work. No sound either.

 

I appreciate any and all help.

 

I have pasted the logs from my scan below:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Maeve (administrator) on MAEVE (23-06-2017 18:47:28)
Running from C:\Users\Maeve\Desktop
Loaded Profiles: Maeve (Available Profiles: Maeve)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAOsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAO.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(The CefSharp Authors) C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(AppWork GmbH) C:\Users\Maeve\AppData\Local\JDownloader v2.0\JDownloader2.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(The CefSharp Authors) C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-10-17] (Entertainment Experience)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
Startup: C:\Users\Maeve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-08-01]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe ()
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a61087d7-b5a8-422f-9d5e-4449f6f316fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5241180-27e7-4f08-b96f-6ace786adf7a}: [DhcpNameServer] 0.0.0.0
 
Internet Explorer:
==================
HKU\S-1-5-21-1947456416-407860107-2531499371-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1947456416-407860107-2531499371-1001 -> {39F104E0-9361-4682-A372-28C13B942F44} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311366&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1vtB5jAbV8%2BGdp8K4ePZ0AxQAd4lY0NhwRy05qznLN6CXGlfYs1rbSbKJqAMIv0%2FM%2FQ54a5PMh3rYx9rmNMROqOTSG%2FK6ZR7uGqoZSRu29rdFmqB4K7aRYvrYIk7bQxdnVUycidYUWeLm91EHKVzXA7v15g2BsycT06d2VUyJ7CGKYnymnel4TvuDXwUl16Vc%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1947456416-407860107-2531499371-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: t16uvljl.default
FF ProfilePath: C:\Users\Maeve\AppData\Roaming\Mozilla\Firefox\Profiles\t16uvljl.default [2017-06-23]
FF NewTab: Mozilla\Firefox\Profiles\t16uvljl.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311366&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1vtB5jAbV8%2BGdp8K4ePZ0AzcmbM8%2BYcPZ8YXOYGA7K8isabo%2FzixeHrMR3k9Htw2C1EG%2F9yUPhoRTaj9u7BV%2B5puYGCDRvMS3lFY2UAEd1J8LF40M4fNVOedAMoIJS8KLUindvTjJnIX%2BZ7Xb9ouFnWw4mSVJs79sk4GseQogvVUMYPkZU9467oB%2B8Q3gkYOc%3D
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
FF Homepage: Mozilla\Firefox\Profiles\t16uvljl.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311366&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1vtB5jAbV8%2BGdp8K4ePZ0AAveFfWeApFhe9LGhmP19smarIvrmtN%2FLQW0i0X4itisB9EnYvAHWZgQiuwKICULKANVlAUTxXsm2ImxgiKrKkx%2Fhcm8IdMugol5AjC9vsfIrcvDCnQKGi8ZftgS7xoAw4xQEAakvJiWGs5rBft1zrTRxIB8gC7Ai0QO%2FpECwn%2BU%3D
FF SearchPlugin: C:\Users\Maeve\AppData\Roaming\Mozilla\Firefox\Profiles\t16uvljl.default\searchplugins\Yahoo powered search.xml [2016-09-10]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://jmjhdkmgmjoajplaghemoloohbchppin/stubby.html", Not-active:"chrome-extension://agpiaamkfhnemlljkhdokbifadpkahfm/stubby.html"
CHR Profile: C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default [2017-06-23]
CHR Extension: (Google Slides) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
CHR Extension: (Google Drive) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Open with Google Drive™ Viewer) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkpinfdldjdngmgfbifbdbgaoampkan [2016-07-12]
CHR Extension: (YouTube) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (MapsAlly Offers) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnegagndjblonaeagbgonhdgnjpjlgbj [2017-05-30]
CHR Extension: (Google Search) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2017-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (IncrediMail) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\npndnkjhbbmjlbcbmkkdkmfofjkaaahm [2015-12-21]
CHR Extension: (Gmail) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR Profile: C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC Drivers HeadQuarters LP)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-11] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93648 2014-10-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-04] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl038be83c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52FF3B49-914D-4979-98B4-8EEEB5B0569F}\MpKsl038be83c.sys [44928 2017-06-23] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-12-11] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-23 18:47 - 2017-06-23 18:48 - 00021007 _____ C:\Users\Maeve\Desktop\FRST.txt
2017-06-23 18:43 - 2017-06-23 18:47 - 00000000 ____D C:\FRST
2017-06-23 18:42 - 2017-06-23 18:42 - 02439680 _____ (Farbar) C:\Users\Maeve\Desktop\FRST64.exe
2017-06-23 18:33 - 2017-06-23 18:33 - 00000000 ___HD C:\$SysReset
2017-06-23 16:58 - 2017-06-23 16:58 - 00673366 _____ C:\Users\Maeve\Desktop\Cheesy Cajun Beef and Potato Bake - Points Recipes.pdf
2017-06-23 06:18 - 2017-06-23 06:18 - 00000000 ____D C:\Users\Maeve\Desktop\Birthday
2017-06-23 06:02 - 2017-06-23 06:02 - 00004566 _____ C:\Users\Maeve\Downloads\firstime.mid
2017-06-23 05:56 - 2017-06-23 06:17 - 00000000 ____D C:\Users\Maeve\Downloads\```````The Mist
2017-06-23 05:21 - 2017-06-21 07:15 - 3065556789 _____ C:\Users\Maeve\Downloads\Bottom.of.the.World.2017.1080p.WEBRip.x264-STRiFE.mkv
2017-06-23 04:59 - 2017-06-20 11:10 - 3913258075 _____ C:\Users\Maeve\Downloads\The Baby Moon.mkv
2017-06-23 04:57 - 2017-06-23 04:57 - 00038678 _____ C:\Users\Maeve\Desktop\easypointsww.com-SLOW COOKER LO MEIN.pdf
2017-06-23 04:35 - 2017-06-20 08:04 - 49125334 _____ C:\Users\Maeve\Downloads\Another Forever.mkv
2017-06-23 03:00 - 2017-06-22 22:21 - 801562095 _____ C:\Users\Maeve\Downloads\Kong Skull Island.mkv
2017-06-23 00:22 - 2017-06-23 00:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-23 00:20 - 2017-06-23 00:26 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-22 13:25 - 2017-06-22 13:25 - 00002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-06-22 13:24 - 2017-06-22 13:25 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-06-22 13:24 - 2017-06-22 13:24 - 00000000 ____D C:\Program Files\Dell Support Center
2017-06-22 02:43 - 2017-06-22 03:34 - 1275647472 _____ C:\Users\Maeve\Downloads\Queen Sugar-Season 2-Episode 1.mkv
2017-06-21 18:38 - 2017-06-21 18:38 - 00070098 _____ C:\Users\Maeve\Desktop\Simple Salisbury Steak.pdf
2017-06-20 22:24 - 2017-06-20 23:10 - 917984896 _____ C:\Users\Maeve\Downloads\Riviera-Season 1-Episode 1.mkv
2017-06-20 22:20 - 2017-06-20 22:40 - 1310157562 _____ C:\Users\Maeve\Downloads\Animal Kingdom-Season 2-Episode 4.mkv
2017-06-20 22:14 - 2017-06-20 07:17 - 63778458 _____ C:\Users\Maeve\Downloads\Heritage Falls-1080 WEB.mkv
2017-06-20 20:55 - 2017-06-20 08:09 - 1673869735 _____ C:\Users\Maeve\Downloads\Brightest Star-1080 WEB.mkv
2017-06-20 17:44 - 2017-06-20 10:56 - 3893111416 _____ C:\Users\Maeve\Downloads\Camera Store-1080 WEB.mkv
2017-06-20 15:08 - 2017-06-20 21:44 - 458789850 _____ C:\Users\Maeve\Downloads\The Dinner-1080 WEB.mkv
2017-06-20 04:58 - 2017-06-20 06:29 - 75289065 _____ C:\Users\Maeve\Downloads\Kong Skull Island-1080 WEB.mkv
2017-06-20 03:59 - 2017-06-20 13:37 - 1975885469 _____ C:\Users\Maeve\Downloads\The Zoo Keepers Wife.mkv
2017-06-20 02:28 - 2017-06-20 02:48 - 1082834064 _____ C:\Users\Maeve\Downloads\Stitchers-Season 3-Episode 3.mkv
2017-06-19 21:33 - 2017-06-20 04:01 - 3381463342 _____ C:\Users\Maeve\Downloads\All About The Money-1080 WEB.mkv
2017-06-19 21:09 - 2017-06-19 21:09 - 00075877 _____ C:\Users\Maeve\Desktop\CJs Toll Charge.pdf
2017-06-19 16:29 - 2017-06-19 16:29 - 00000997 _____ C:\Users\Maeve\Desktop\Glenn-Premier Lawn...Msg him.txt
2017-06-19 08:08 - 2017-06-19 08:31 - 3166527857 _____ C:\Users\Maeve\Downloads\The Crash-1080 WEB.mkv
2017-06-19 07:55 - 2017-06-18 15:00 - 4146447296 _____ C:\Users\Maeve\Downloads\Chronically Metropolitan.mkv
2017-06-19 05:07 - 2017-06-19 05:07 - 01407732 _____ C:\Users\Maeve\Desktop\GBSL16.pdf
2017-06-18 11:08 - 2017-06-18 11:09 - 00000000 ____D C:\Users\Maeve\Desktop\Trip Stuff
2017-06-18 06:46 - 2017-06-23 07:57 - 00000405 _____ C:\Users\Maeve\Desktop\To WA.txt
2017-06-17 16:07 - 2017-06-17 11:39 - 1968093830 _____ C:\Users\Maeve\Downloads\Song To Song.mkv
2017-06-17 12:29 - 2017-06-17 12:48 - 563204828 _____ C:\Users\Maeve\Downloads\Kingdom-Season 3-Episode 3.mp4
2017-06-17 12:28 - 2017-06-17 13:07 - 514946118 _____ C:\Users\Maeve\Downloads\Kingdom-Season 3-Episode 2.mp4
2017-06-17 06:10 - 2017-06-17 06:10 - 00107501 _____ C:\Users\Maeve\Desktop\CJs Duke Energy-July Bill.pdf
2017-06-15 15:38 - 2017-06-15 15:52 - 1160612070 _____ C:\Users\Maeve\Downloads\House.Husbands.S05E11.1080p.HDTV.H264-CBFM.mkv
2017-06-13 22:07 - 2017-06-03 02:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-13 22:07 - 2017-06-03 02:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-13 17:27 - 2017-06-13 17:27 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-06-13 17:22 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 17:22 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 17:22 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 17:22 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-13 17:22 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 17:22 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-13 17:22 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 17:22 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-13 17:22 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-13 17:22 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 17:22 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 17:22 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 17:22 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 17:22 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 17:22 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 17:22 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 17:22 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-13 17:22 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 17:22 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-13 17:22 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 17:22 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 17:22 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-13 17:22 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 17:22 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 17:22 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-13 17:22 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-13 17:22 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 17:22 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 17:22 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 17:22 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 17:22 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 17:22 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 17:22 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-13 17:22 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-13 17:22 - 2017-05-20 05:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-13 17:22 - 2017-05-20 04:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-13 17:22 - 2017-05-20 04:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-13 17:22 - 2017-05-20 04:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-13 17:22 - 2017-05-20 04:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-13 17:22 - 2017-05-20 04:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-13 17:22 - 2017-05-20 04:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-13 17:22 - 2017-05-20 04:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 17:22 - 2017-05-20 04:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-13 17:22 - 2017-05-20 04:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-13 17:22 - 2017-05-20 04:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-13 17:22 - 2017-05-20 04:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-13 17:22 - 2017-05-20 04:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-13 17:22 - 2017-05-20 04:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-13 17:22 - 2017-05-20 04:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-13 17:22 - 2017-05-20 04:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-13 17:22 - 2017-05-20 04:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-13 17:22 - 2017-05-20 04:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-13 17:22 - 2017-05-20 04:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-13 17:22 - 2017-05-20 04:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-13 17:22 - 2017-05-20 04:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-13 17:22 - 2017-05-20 04:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-13 17:22 - 2017-05-20 04:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-13 17:22 - 2017-05-20 04:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-13 17:22 - 2017-05-20 04:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-13 17:22 - 2017-05-20 04:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-13 17:22 - 2017-05-20 04:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-13 17:22 - 2017-05-20 04:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-13 17:22 - 2017-05-20 04:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-13 17:22 - 2017-05-20 04:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-13 17:22 - 2017-05-20 04:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-13 17:22 - 2017-05-20 04:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-13 17:22 - 2017-05-20 04:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-13 17:22 - 2017-05-20 04:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-13 17:22 - 2017-05-20 04:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-13 17:22 - 2017-05-20 04:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-13 17:22 - 2017-05-20 04:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-13 17:22 - 2017-05-20 04:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-13 17:22 - 2017-05-20 04:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-13 17:22 - 2017-05-20 04:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-13 17:22 - 2017-05-20 04:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-13 17:22 - 2017-05-20 04:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-13 17:22 - 2017-05-20 04:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-13 17:22 - 2017-05-20 04:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-13 17:22 - 2017-05-20 04:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-13 17:22 - 2017-05-20 04:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-13 17:22 - 2017-05-20 04:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-13 17:22 - 2017-05-20 04:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-13 17:22 - 2017-05-20 04:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-13 17:22 - 2017-05-20 04:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-13 17:22 - 2017-05-20 04:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-13 17:22 - 2017-05-20 04:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-13 17:20 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 17:20 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 17:20 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 17:20 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 17:20 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 17:20 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 17:20 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 17:20 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 17:20 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 17:20 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 17:20 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 17:20 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 17:20 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 17:20 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 17:20 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 17:20 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 17:20 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 17:20 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 17:20 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 17:20 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 17:20 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 17:20 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 17:20 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 17:20 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-13 17:20 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 17:20 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 17:20 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 17:20 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 17:20 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 17:20 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 17:20 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 17:20 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 17:20 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 17:20 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 17:20 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 17:20 - 2017-05-20 03:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-13 17:20 - 2017-05-20 02:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-13 17:20 - 2017-05-20 02:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-13 17:20 - 2017-05-20 02:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-13 17:20 - 2017-05-20 02:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-13 17:20 - 2017-05-20 02:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 17:20 - 2017-05-20 02:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-13 17:20 - 2017-05-20 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 17:20 - 2017-05-20 02:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-13 17:20 - 2017-05-20 02:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-13 17:20 - 2017-05-20 02:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-13 17:20 - 2017-05-20 02:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-13 17:20 - 2017-05-20 02:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-13 17:20 - 2017-05-20 02:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-13 17:20 - 2017-05-20 02:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-13 17:20 - 2017-05-20 02:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-13 17:20 - 2017-05-20 02:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-13 17:20 - 2017-05-20 02:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-13 17:20 - 2017-05-20 02:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-13 17:20 - 2017-05-20 02:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-13 17:20 - 2017-05-20 02:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-13 17:20 - 2017-05-20 02:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-13 17:20 - 2017-05-20 02:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-13 17:20 - 2017-05-20 02:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-13 17:20 - 2017-05-20 02:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-13 17:20 - 2017-05-20 02:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 17:20 - 2017-05-20 02:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-13 17:20 - 2017-05-20 02:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-13 17:20 - 2017-05-20 02:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-13 17:20 - 2017-05-20 02:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-13 17:20 - 2017-05-20 02:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-13 17:20 - 2017-05-20 01:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-13 17:20 - 2017-05-20 01:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-13 17:20 - 2017-05-20 01:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-13 17:20 - 2017-05-20 01:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-13 17:20 - 2017-05-20 01:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-13 17:20 - 2017-05-20 01:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-13 17:20 - 2017-05-20 01:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-13 17:20 - 2017-05-20 01:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-13 17:20 - 2017-05-20 01:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-13 17:20 - 2017-05-20 01:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-13 17:20 - 2017-05-20 01:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-13 17:20 - 2017-05-20 01:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-13 17:20 - 2017-05-20 01:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-13 17:20 - 2017-05-20 01:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-13 17:20 - 2017-05-20 01:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-13 17:20 - 2017-05-20 01:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-13 17:19 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 17:19 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 17:19 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 17:19 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 17:19 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 17:19 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 17:19 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 17:19 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 17:19 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 17:19 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-13 17:19 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 17:19 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 17:19 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 17:19 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-13 17:19 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 17:19 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 17:19 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 17:19 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 17:19 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 17:19 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 17:19 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 17:19 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 17:19 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 17:19 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 17:19 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 17:19 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 17:19 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 17:19 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 17:19 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 17:19 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 17:19 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 17:19 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 17:19 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 17:19 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 17:19 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 17:19 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 17:19 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 17:19 - 2017-05-20 03:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 17:19 - 2017-05-20 03:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 17:19 - 2017-05-20 03:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-13 17:19 - 2017-05-20 02:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-13 17:19 - 2017-05-20 02:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 17:19 - 2017-05-20 02:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-13 17:19 - 2017-05-20 02:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-13 17:19 - 2017-05-20 02:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-13 17:19 - 2017-05-20 02:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 17:19 - 2017-05-20 02:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-13 17:19 - 2017-05-20 02:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-13 17:19 - 2017-05-20 02:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-13 17:19 - 2017-05-20 02:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-13 17:19 - 2017-05-20 02:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-13 17:19 - 2017-05-20 02:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-13 17:19 - 2017-05-20 02:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-13 17:19 - 2017-05-20 02:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-13 17:19 - 2017-05-20 02:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-13 17:19 - 2017-05-20 02:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-13 17:19 - 2017-05-20 02:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-13 17:19 - 2017-05-20 02:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-13 17:19 - 2017-05-20 02:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-13 17:19 - 2017-05-20 02:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-13 17:19 - 2017-05-20 02:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-13 17:19 - 2017-05-20 02:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-13 17:19 - 2017-05-20 02:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-13 17:19 - 2017-05-20 02:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-13 17:19 - 2017-05-20 02:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-13 17:19 - 2017-05-20 02:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-13 17:19 - 2017-05-20 02:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-13 17:19 - 2017-05-20 02:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-13 17:19 - 2017-05-20 02:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-13 17:19 - 2017-05-20 02:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-13 17:19 - 2017-05-20 02:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-13 17:19 - 2017-05-20 02:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-13 17:19 - 2017-05-20 02:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-13 17:19 - 2017-05-20 02:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-13 17:19 - 2017-05-20 02:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-13 17:19 - 2017-05-20 02:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-13 17:19 - 2017-05-20 02:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-13 17:19 - 2017-05-20 01:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-13 17:19 - 2017-05-20 01:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-13 17:19 - 2017-05-20 01:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-13 17:19 - 2017-05-20 01:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-13 17:19 - 2017-05-20 01:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-13 17:19 - 2017-05-20 01:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-13 17:19 - 2017-05-20 01:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-13 17:19 - 2017-05-20 01:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-13 17:19 - 2017-05-20 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-13 17:19 - 2017-05-20 01:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-13 17:19 - 2017-05-20 01:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-13 17:19 - 2017-05-20 01:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-13 17:19 - 2017-05-20 01:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-13 17:19 - 2017-05-20 01:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-13 17:19 - 2017-05-20 01:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-13 17:19 - 2017-05-20 01:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-13 17:19 - 2017-05-20 01:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-13 17:19 - 2017-05-20 01:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-13 17:19 - 2017-05-20 01:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-13 17:19 - 2017-05-20 01:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 17:19 - 2017-05-20 01:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-10 21:41 - 2017-06-10 21:42 - 00000000 ____D C:\Users\Maeve\Downloads\``````Ancel
2017-06-06 03:29 - 2017-06-07 03:58 - 00001307 _____ C:\Users\Maeve\Desktop\ConvertXToDVD 7.lnk
2017-06-05 18:27 - 2017-06-19 04:49 - 00000000 ____D C:\Users\Maeve\Downloads\~~~~~~~~~~~~~~~~~~~~Fear The Walking Dead
2017-05-30 05:25 - 2017-05-30 05:25 - 00122281 _____ C:\Users\Maeve\Desktop\LabCorp_ Patient Appointment Scheduling.pdf
2017-05-28 05:01 - 2017-05-28 05:01 - 00000000 ____D C:\Users\Maeve\AppData\Local\PDFConverter.com
2017-05-28 05:00 - 2017-05-28 05:00 - 00000000 ____D C:\Program Files\PDFConverter.com
2017-05-27 14:43 - 2017-06-19 12:31 - 00000000 ____D C:\Users\Maeve\Desktop\Recipes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-23 18:45 - 2015-05-14 20:44 - 00000000 ____D C:\Users\Maeve\AppData\Local\CrashDumps
2017-06-23 18:34 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 18:25 - 2017-04-16 12:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-23 16:47 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 16:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 13:57 - 2017-04-16 12:28 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B3E2B97-14BB-45C1-9A64-75BFAEB1DA02}
2017-06-23 07:45 - 2015-07-16 05:27 - 00000000 ____D C:\Users\Maeve\Desktop\```Maeve
2017-06-23 06:17 - 2015-05-18 01:24 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\vlc
2017-06-23 05:13 - 2015-10-14 00:28 - 00000000 ____D C:\Users\Maeve\AppData\Local\JDownloader v2.0
2017-06-23 04:47 - 2015-09-17 19:20 - 00000000 ____D C:\Users\Maeve\Downloads\````CJ````
2017-06-23 03:51 - 2017-04-16 12:07 - 00000000 ____D C:\Users\Maeve
2017-06-23 02:12 - 2017-04-16 12:22 - 01023996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-23 02:09 - 2017-04-16 12:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-23 02:09 - 2015-05-14 14:47 - 00000000 __SHD C:\Users\Maeve\IntelGraphicsProfiles
2017-06-23 02:08 - 2017-04-16 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-23 02:08 - 2017-03-18 07:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-06-23 02:07 - 2015-10-14 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-23 01:18 - 2016-09-10 06:42 - 00000000 ____D C:\Program Files (x86)\HSoftware
2017-06-23 01:18 - 2015-01-31 08:24 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-06-22 23:26 - 2017-02-08 09:43 - 00000000 ____D C:\Users\Maeve\AppData\LocalLow\Mozilla
2017-06-22 21:44 - 2015-01-31 08:24 - 00000000 ____D C:\ProgramData\PCDr
2017-06-22 13:25 - 2015-01-31 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-22 13:12 - 2015-12-22 02:38 - 00000000 ____D C:\Users\Maeve\Documents\ConvertXToDVD
2017-06-22 06:24 - 2017-04-16 12:28 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 06:24 - 2015-07-31 12:47 - 00002365 _____ C:\Users\Maeve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 06:24 - 2015-05-14 14:52 - 00000000 ___RD C:\Users\Maeve\OneDrive
2017-06-21 18:25 - 2015-12-16 08:57 - 00000000 ____D C:\Users\Maeve\Downloads\``Cash And Royal
2017-06-21 02:52 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-19 04:50 - 2017-05-06 19:34 - 00000000 ____D C:\Users\Maeve\Desktop\Maeve
2017-06-15 18:34 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-13 22:08 - 2015-05-14 16:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 22:05 - 2017-04-16 12:01 - 00414392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-13 22:04 - 2015-07-29 18:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-13 22:04 - 2015-07-29 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-13 17:38 - 2015-05-15 19:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 17:34 - 2015-05-15 19:54 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 17:30 - 2015-07-29 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 05:10 - 2015-09-22 05:55 - 00000000 ____D C:\Users\Maeve\Downloads\``Family Stuff
2017-06-07 03:58 - 2015-12-22 02:38 - 00099384 _____ C:\Users\Maeve\AppData\Roaming\inst.exe
2017-06-07 03:58 - 2015-12-22 02:38 - 00082816 _____ (VSO Software) C:\Users\Maeve\AppData\Roaming\pcouffin.sys
2017-06-07 03:58 - 2015-12-22 02:38 - 00007859 _____ C:\Users\Maeve\AppData\Roaming\pcouffin.cat
2017-06-07 03:58 - 2015-12-22 02:38 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\Vso
2017-06-06 21:53 - 2015-12-23 10:37 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\dvdcss
2017-06-06 03:29 - 2015-12-22 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2017-05-31 18:42 - 2015-08-24 22:22 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 09:11 - 2015-05-14 14:48 - 00000000 ____D C:\Users\Maeve\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2015-12-22 02:38 - 2017-06-07 03:58 - 0099384 _____ () C:\Users\Maeve\AppData\Roaming\inst.exe
2015-12-22 02:38 - 2017-06-07 03:58 - 0007859 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.cat
2015-12-22 02:38 - 2017-06-07 03:58 - 0001167 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.inf
2015-12-22 02:38 - 2017-06-07 03:58 - 0000055 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.log
2015-12-22 02:38 - 2017-06-07 03:58 - 0082816 _____ (VSO Software) C:\Users\Maeve\AppData\Roaming\pcouffin.sys
2016-01-23 12:55 - 2016-01-23 12:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-04-16 12:04 - 2017-04-16 12:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-18 17:05 - 2017-01-08 19:58 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-31 08:13 - 2015-01-31 08:14 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-01-31 08:10 - 2015-01-31 08:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-01-31 08:11 - 2015-01-31 08:12 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-01-31 08:12 - 2015-01-31 08:13 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-01-31 08:09 - 2015-01-31 08:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2017-06-06 10:22 - 2017-06-06 10:22 - 0006144 _____ () C:\Users\Maeve\AppData\Local\Temp\-zqz5by2.dll
2017-06-06 13:47 - 2017-06-06 13:47 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Maeve\AppData\Local\Temp\COMAP.EXE
2017-06-23 00:20 - 2017-03-18 16:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Maeve\AppData\Local\Temp\dllnt_dump.dll
2017-06-09 03:50 - 2017-06-09 03:50 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\du6otcsn.dll
2017-04-28 15:29 - 2017-04-28 15:29 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\earotdjf.dll
2017-06-16 02:36 - 2017-06-16 02:36 - 0040448 _____ () C:\Users\Maeve\AppData\Local\Temp\proxy_vole3528927824323709753.dll
2017-06-16 11:17 - 2017-06-16 11:17 - 0040448 _____ () C:\Users\Maeve\AppData\Local\Temp\proxy_vole5157223706990375527.dll
2017-05-06 19:17 - 2017-05-06 19:17 - 0006144 _____ () C:\Users\Maeve\AppData\Local\Temp\s2voxetp.dll
2017-06-22 21:39 - 2017-06-22 21:39 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\tfg_u3s6.dll
2017-05-11 05:41 - 2017-05-11 05:41 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\vmcfiv8e.dll
2017-04-21 05:25 - 2017-04-21 05:25 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\vwvp5kcg.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-17 12:45
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Maeve (23-06-2017 18:48:49)
Running from C:\Users\Maeve\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-16 16:38:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1947456416-407860107-2531499371-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1947456416-407860107-2531499371-503 - Limited - Disabled)
Guest (S-1-5-21-1947456416-407860107-2531499371-501 - Limited - Disabled)
Maeve (S-1-5-21-1947456416-407860107-2531499371-1001 - Administrator - Enabled) => C:\Users\Maeve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Amazon Kindle) (Version:  - Amazon)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.39 - PC Drivers HeadQuarters LP) <==== ATTENTION
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Facebook Games Arcade 0.10.0.1 (HKLM-x32\...\{3B0B9D77-F8F9-46E8-99B0-E874B4E500E5}) (Version: 0.10.0.1 - Facebook)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
MakeMKV v1.9.5 (HKLM-x32\...\MakeMKV) (Version: v1.9.5 - GuinpinSoft inc)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
True Color (HKLM-x32\...\{d3c1120e-12a0-45ac-ad51-e255f518ce24}) (Version: 5.0.0.6 - Entertainment Experience)
True Color (Version: 5.0.0.6 - Entertainment Experience LLC) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.40 - VSO Software)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.40 - VSO Software)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02934A23-D261-44A6-B524-3C3061CCE928} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
Task: {0785B6BE-6D78-4430-BD2B-99382C34C12A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-13] (Microsoft Corporation)
Task: {0E120543-7402-4EA3-8305-CD7D89465D79} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
Task: {111440B4-8E33-46BE-AB39-17FABA113251} - System32\Tasks\{CAFD31E7-4AB6-4CE7-97E9-F7B5A429B83B} => pcalua.exe -a C:\WINDOWS\8a24a6a8eb4bc08f0ffb883ccf7058b1.exe
Task: {1AE11787-6432-4132-94C7-E77520C564F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2117462C-2CAB-4249-82CB-73814E8A934B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {21AFFB76-EBC8-46E0-879E-91976EDA9348} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {22534896-3061-4F8B-ADA9-B797EB961276} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {2DFC5523-E1D4-413F-A9ED-C2AE3BBA6F41} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-11] (Realtek Semiconductor)
Task: {334FE433-3A3E-48A2-9F31-45F999DADA43} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E6AA491-06B8-4AB7-9E62-27C9CEFF690E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3F777521-E484-4F64-B385-21B2C498019B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
Task: {471A0CB5-F6A0-416E-8628-6323788FBEEF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4780B6F0-588D-4BD7-B65F-5117442F163C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4A751304-9483-4261-9BDF-E6AD18F09BA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {4E6BF1C0-DE22-4DFD-8D86-6018A77F6CD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {54F66291-C1C7-4625-84A6-7AACB25DB7AA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {58C7E33C-57E5-46DD-9F5C-6D49721B91C6} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
Task: {61B73F96-25AF-4894-9468-42FEA43616DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63CE90EF-D4FF-4106-A4BC-7D5CA12CC58D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {76064295-D75E-4FD2-BCBB-B30A4A611382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8EC0E902-0A37-4E69-BF18-C165A79F18C9} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
Task: {972605B5-7476-4991-BE27-BFEEEC0D1433} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {A15EC496-9303-42D3-9A2B-C29125301C60} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {A706E4FD-3A08-41E2-BB66-AAFE212ECFF1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AF4A1013-32B7-4D42-A42C-AE37A5D54DB5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {B5FDD850-1E85-4E23-A2A8-61C46ABC65D6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B6993990-7687-4E33-BB80-FEE1F152C888} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BE712FA8-8E56-4E9F-B6F4-564C712D82E0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {C6FDB1C4-DC25-456B-AD6E-07564197BB1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {D0065951-B719-4DD0-8CE3-A7FC3370F68D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF18E3D0-F886-4561-9125-636AA9960CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF6487CC-0FEC-40F3-84A0-20556F686B97} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E3728734-07B2-4AF8-8801-09B967BCC17B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {E8637912-1218-4357-B2C1-DE746278D94E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F18EFEFF-5FE3-4B67-AE93-A465C10C248E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F23935FE-9395-4199-8EA5-2CF18E9C16DF} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {F855FB01-C4B4-4469-B7EA-8DEAB37D5595} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FF3DDCC3-3AA8-482E-9D14-603AE30596E9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {FF9A2FCC-703A-4630-9B47-223F1451F8FC} - \WPD\SqmUpload_S-1-5-21-1947456416-407860107-2531499371-1001 -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation Services WORKGROUP MAEVE
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-10 15:17 - 2014-02-10 15:17 - 00466944 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2015-05-14 19:12 - 2015-10-04 13:30 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-10-17 16:16 - 2014-10-17 16:16 - 00093648 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-02-16 01:21 - 2017-02-16 01:21 - 00410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-07-28 18:11 - 2016-07-28 18:11 - 00042928 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
2017-06-23 02:12 - 2017-06-23 02:12 - 00566439 _____ () C:\Users\Maeve\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2017-06-23 02:12 - 2017-06-23 02:12 - 04078962 _____ () C:\Users\Maeve\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2017-05-15 20:08 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 20:08 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 01028608 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 56718848 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libcef.dll
2015-01-31 08:10 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00688640 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 02127872 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libglesv2.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00075776 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libegl.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-09-03 15:03 - 2014-09-03 15:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-14 11:53 - 2016-02-14 11:53 - 00032784 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2017-04-04 20:38 - 2017-04-04 20:38 - 69743184 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\driversupport.com -> hxxps://apps.driversupport.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-10-25 20:15 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1947456416-407860107-2531499371-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maeve\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5f181232-3ee7-445c-97b9-f908435979d2}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{984A5C38-7813-4056-B46D-07CFEC8B78CC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{D5422E07-AAFB-40AD-8B00-395928B9CF2B}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{ED200A4C-76F1-4719-A94F-7F06C32FF538}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{DC025BF8-E668-49A7-BAC3-91D8AB870FBA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{7EBCFF1F-8A7A-4CE6-B1E5-7182D6719151}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{FBD12E40-EA25-4A74-983B-E6010777CD5F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{889F598C-0FF2-45DB-8502-4E09A927906E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EB98A878-2F19-4FC5-8312-D1F3DF59EB60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6ED4C7D4-4FCB-4422-8984-013B3B8BBBB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32ED0146-1779-47E7-A680-F4914201F850}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D288403E-8316-4CA6-AB9B-A9018C05E691}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A5D767FD-A565-469A-9C94-E53882A51258}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{E75F7BEB-00A1-4415-BA28-0A9CD3618C38}C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{9DEAD310-B9D8-4194-941F-C1E5C80AFC23}C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{7065D69C-EF49-4522-93F1-2F736639B2DF}] => (Block) C:\mirc\mirc.exe
FirewallRules: [{9B4DFDCD-68DF-4854-88B3-0C0D45633ADA}] => (Block) C:\mirc\mirc.exe
FirewallRules: [UDP Query User{C42B3182-B98E-47E9-95CE-BD410B999F8F}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe
FirewallRules: [TCP Query User{89C281BE-C300-409E-8776-C389EFAF2E8F}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe
FirewallRules: [{0ADE35FE-5B1E-48B6-BCE0-57A41171AA17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{062568B6-2E0C-4DD9-900F-437E3FC2C683}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{8113973F-A467-4CFF-A5F6-D894BC4C4B94}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{31738010-F4BC-4C0A-AC3C-F8D6262D072C}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{3CBA7E9F-8F97-4721-A423-D32598EE7AEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-06-2017 04:40:58 Windows Update
09-06-2017 13:37:29 Scheduled Checkpoint
13-06-2017 17:24:18 Windows Update
22-06-2017 00:06:39 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2017 06:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:45:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:45:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Faulting module name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e
Exception code: 0xc000027b
Fault offset: 0x000000000011bc57
Faulting process id: 0x3320
Faulting application start time: 0x01d2ec726c4218c8
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 961b4722-90ff-456b-a476-58bb34252153
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (06/23/2017 06:38:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:38:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:38:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:29:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 06:29:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Exception code: 0xc000027b
Fault offset: 0x00000000001af087
Faulting process id: 0x898
Faulting application start time: 0x01d2ec703c8cedcf
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 0ffa9183-1269-484e-8ffe-afdb48ef5552
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (06/23/2017 06:45:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:45:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:45:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:45:34 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:38:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:38:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:38:47 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:29:55 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:29:16 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.
 
Error: (06/23/2017 06:29:16 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-23 13:13:12.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-21 21:07:46.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-17 03:40:16.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-14 12:58:10.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-10 13:37:48.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-09 12:53:00.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-07 14:46:26.777
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-06 14:08:17.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 16:14:40.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-01 15:29:56.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8103.66 MB
Available physical RAM: 4340.07 MB
Total Virtual: 9383.66 MB
Available Virtual: 4672.73 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.61 GB) (Free:464.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9021422C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by UneekOne, 24 June 2017 - 02:48 PM.

  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Uninstall JDownloader 2

It comes with a lot of unwanted baggage these days.

Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    Open an elevated command prompt:
     
     
     
    If you open an elevated command prompt it will by default open in c:\Windows\system32
     
    Once you have an elevated command prompt:
     
    Type:
     

     DISM  /Online  /Cleanup-Image  /RestoreHealth
     
     (I use two spaces so you can be sure to see where one space goes.)
    Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:
     
    Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
     

    sfc  /scannow
     
     
     
    This will also take a few minutes.  
     
    When it finishes it will say one of the following:
     
    Windows did not find any integrity violations (a good thing)
    Windows Resource Protection found corrupt files and repaired them (a good thing)
    Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
     
    If you get the last result then type:
     

    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
     
    Hit Enter.  Then type:
     
     

    notepad  \junk.txt 
     
    Hit Enter. 
     
     Copy the text from notepad and paste it into a reply.
     
     
    After you finish SFC, regardless of the result:
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
    Do another FRST scan with Addition.txt checked and post both logs.
     

    • 0
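
The findstr step in the post above leaves only the [SR] lines of CBS.log in junk.txt. The following Python script is an added example, not part of the original post or of any tool named in it: it reads that text, lists which files sfc repaired and which it could not, and maps the result onto the three outcomes the post lists. The sample lines, file names and component name are constructed, and the [SR] line layout is an assumption modelled on typical sfc output.

```python
import re
import sys

# Constructed sample of what junk.txt holds after the findstr step: only the
# CBS.log lines tagged [SR]. File and component names are invented, and the
# line layout is an assumption modelled on typical sfc output.
SAMPLE_JUNK_TXT = r'''
2017-06-26 18:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2017-06-26 18:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-06-26 18:02:14, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:22{11}]"example.dll" from store
2017-06-26 18:02:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.15063.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-06-26 18:02:15, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.15063.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-06-26 18:02:16, Info                  CSI    0000000e [SR] Verify complete
'''

# "<timestamp>, <level>   CSI   <sequence> [SR] <message>"
SR_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\s+\w+\s+CSI\s+[0-9a-fA-F]+\s+'
    r'\[SR\]\s+(?P<msg>.*)$'
)
# A file sfc replaced from the component store.
REPAIRING = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]*)"\\'
    r'\[[^\]]*\]"(?P<file>[^"]+)" from store'
)
# A file sfc could not replace; the trailing reason is optional.
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+),.*?(?:in the store, (?P<reason>.+))?$'
)


def triage_sr(text):
    """Return repaired paths and de-duplicated unrepaired files from [SR] lines."""
    repaired = []
    unrepaired = {}
    for raw in text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue  # blank line, or not an [SR] entry
        msg = line.group("msg")
        fixed = REPAIRING.match(msg)
        if fixed:
            folder = fixed.group("dir")
            if folder.startswith("\\??\\"):   # drop the NT object prefix
                folder = folder[4:]
            path = folder + "\\" + fixed.group("file")
            if path not in repaired:
                repaired.append(path)
            continue
        failed = CANNOT_REPAIR.match(msg)
        if failed:
            # The same failure is usually logged more than once; keep one.
            key = (failed.group("file"), failed.group("component"))
            unrepaired.setdefault(key, failed.group("reason") or "reason not logged")
    return {
        "repaired": repaired,
        "unrepaired": [(f, c, why) for (f, c), why in unrepaired.items()],
    }


def verdict(result):
    """Map the triage onto the three sfc outcomes listed in the post."""
    if result["unrepaired"]:
        return "found corrupt files but was unable to fix some"
    if result["repaired"]:
        return "found corrupt files and repaired them"
    return "did not find any integrity violations"


if __name__ == "__main__":
    # Pass the path to junk.txt, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_JUNK_TXT
    result = triage_sr(text)
    print("sfc outcome:", verdict(result))
    for path in result["repaired"]:
        print("  repaired :", path)
    for name, component, why in result["unrepaired"]:
        print("  NOT fixed:", name, "in", component, "(" + why + ")")
```
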

    #3
    UneekOne

    UneekOne

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    Thanks for your response and help.

     

    Here are the logs you requested:

     

     

     

    # AdwCleaner v6.047 - Logfile created 26/06/2017 at 15:07:26

    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-26.1 [Server]
    # Operating System : Windows 10 Home  (X64)
    # Username : Maeve - MAEVE
    # Running from : C:\Users\Maeve\Downloads\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
    [-] Service deleted: WtuSystemSupport
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\Users\Maeve\AppData\Local\avg web tuneup
    [-] Folder deleted: C:\Users\Maeve\AppData\LocalLow\avg web tuneup
    [-] Folder deleted: C:\Program Files\avg web tuneup
    [-] Folder deleted: C:\ProgramData\avg web tuneup
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
    [-] Folder deleted: C:\Program Files (x86)\avg web tuneup
     
     
    ***** [ Files ] *****
     
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    [-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
    [-] Key deleted: HKU\S-1-5-21-1947456416-407860107-2531499371-1001\Software\Microsoft\Internet Explorer\SearchScopes\{39F104E0-9361-4682-A372-28C13B942F44}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{39F104E0-9361-4682-A372-28C13B942F44}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{39F104E0-9361-4682-A372-28C13B942F44}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
     
     
    ***** [ Web browsers ] *****
     
    [-] Firefox preferences cleaned: "browser.newtab.url" -  "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311366&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1vtB5jAbV8%2BGdp8K4ePZ0AzcmbM8%2BYcPZ8YXOYGA7K8isabo%2FzixeHrMR3k9Htw2C1EG%2F9yUPhoRTaj9u7BV%2B5puYGCDRvMS3lFY2UAEd1J8LF40M4fNVOedAMoIJS8KLUindvTjJnIX%2BZ7Xb9ouFnWw4mSVJs79sk4GseQogvVUMYPkZU9467oB%2B8Q3gkYOc%3D"
    [-] Firefox preferences cleaned: "browser.startup.homepage" -  "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311366&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1vtB5jAbV8%2BGdp8K4ePZ0AAveFfWeApFhe9LGhmP19smarIvrmtN%2FLQW0i0X4itisB9EnYvAHWZgQiuwKICULKANVlAUTxXsm2ImxgiKrKkx%2Fhcm8IdMugol5AjC9vsfIrcvDCnQKGi8ZftgS7xoAw4xQEAakvJiWGs5rBft1zrTRxIB8gC7Ai0QO%2FpECwn%2BU%3D"
    [-] [C:\Users\Maeve\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: palikan
    [-] [C:\Users\Maeve\AppData\Local\Chromium\User Data\Default] [extension] Deleted: ljibkigjccbegnbeojkoafejpoiachej
    [-] [C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ijjnmdphpnlnelhbhefnfmimenjgbfcn
    [-] [C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ljibkigjccbegnbeojkoafejpoiachej
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [9325 Bytes] - [14/10/2015 00:47:18]
    C:\AdwCleaner\AdwCleaner[C2].txt - [4167 Bytes] - [26/06/2017 15:07:26]
    C:\AdwCleaner\AdwCleaner[S1].txt - [9675 Bytes] - [14/10/2015 00:44:12]
    C:\AdwCleaner\AdwCleaner[S2].txt - [4156 Bytes] - [26/06/2017 15:05:48]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4386 Bytes] ##########
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 10 Home x64 
    Ran by Maeve (Administrator) on Mon 06/26/2017 at 15:20:06.89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 3 
     
    Successfully deleted: C:\Users\Maeve\AppData\Roaming\Mozilla\Firefox\Profiles\t16uvljl.default\searchplugins\Yahoo powered search.xml (File) 
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
     
     
     
    Registry: 1 
     
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45} (Registry Key)
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/26/2017 at 15:22:29.92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    Vino's Event Viewer v01c run on Windows 7 in English
    Report run at 26/06/2017 6:24:50 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 6:36:42 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 26/06/2017 9:50:37 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 09/06/2017 8:13:43 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 21/05/2017 2:32:14 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 19/04/2017 8:30:36 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 10:24:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:22:43 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:22:42 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:21:35 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe!App did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:09:42 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe!Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:08:13 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:41 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:41 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:39 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:58:11 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:54:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:54:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:40:48 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:39:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:39:39 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:34:12 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:34:11 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:26:58 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:24:44 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:24:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:09:40 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 8:09:34 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:08:57 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 7:08:51 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:37:03 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 6:36:54 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 9:52:01 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 9:52:01 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
     
     
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
    Ran by Maeve (administrator) on MAEVE (26-06-2017 18:26:36)
    Running from C:\Users\Maeve\Desktop
    Loaded Profiles: Maeve (Available Profiles: Maeve)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAOsvc.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Program Files\TrueColor\TrueColorALS.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (PC Drivers HeadQuarters LP) C:\Program Files (x86)\Driver Support\svc\DriverSupportAO.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (PC Drivers Headquarters LP) C:\Program Files (x86)\Driver Support\DriverSupport.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
    () C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (The CefSharp Authors) C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
    (The CefSharp Authors) C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-11] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-11] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.)
    HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-10-17] (Entertainment Experience)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
    HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
    Startup: C:\Users\Maeve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-08-01]
    ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe ()
    GroupPolicy: Restriction <==== ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a61087d7-b5a8-422f-9d5e-4449f6f316fd}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{c5241180-27e7-4f08-b96f-6ace786adf7a}: [DhcpNameServer] 0.0.0.0
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1947456416-407860107-2531499371-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: t16uvljl.default
    FF ProfilePath: C:\Users\Maeve\AppData\Roaming\Mozilla\Firefox\Profiles\t16uvljl.default [2017-06-26]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t16uvljl.default -> Yahoo powered search
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR NewTab: Default ->  Not-active:"chrome-extension://jmjhdkmgmjoajplaghemoloohbchppin/stubby.html", Not-active:"chrome-extension://agpiaamkfhnemlljkhdokbifadpkahfm/stubby.html"
    CHR Profile: C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
    CHR Extension: (Google Slides) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
    CHR Extension: (Google Docs) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
    CHR Extension: (Google Drive) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (Open with Google Drive™ Viewer) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkpinfdldjdngmgfbifbdbgaoampkan [2016-07-12]
    CHR Extension: (YouTube) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (MapsAlly Offers) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnegagndjblonaeagbgonhdgnjpjlgbj [2017-05-30]
    CHR Extension: (Google Search) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Sheets) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
    CHR Extension: (Booking.com for Chrome™) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2017-06-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-26]
    CHR Extension: (MapsGalaxy) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-06-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
    CHR Extension: (IncrediMail) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\npndnkjhbbmjlbcbmkkdkmfofjkaaahm [2015-12-21]
    CHR Extension: (Gmail) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
    CHR Extension: (Chrome Media Router) - C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
    CHR Profile: C:\Users\Maeve\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-17]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
    R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
    R2 DSAO; C:\Program Files (x86)\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC Drivers HeadQuarters LP)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-11] (Realtek Semiconductor)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-21] (Dell Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
    R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93648 2014-10-17] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
    R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-12-11] (Realtek                                            )
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S1 MpKsla8c6c927; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3641133-C4A4-44E8-9741-482C039EA45D}\MpKsla8c6c927.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-06-26 17:35 - 2017-06-26 17:35 - 00000000 _____ C:\junk.txt
    2017-06-26 16:46 - 2017-06-26 16:49 - 00035679 _____ C:\Users\Maeve\Desktop\Addition.txt
    2017-06-26 16:45 - 2017-06-26 18:27 - 00018891 _____ C:\Users\Maeve\Desktop\FRST.txt
    2017-06-26 16:45 - 2017-06-26 16:45 - 00000000 ____D C:\Users\Maeve\Desktop\FRST-OlderVersion
    2017-06-26 16:41 - 2017-06-26 18:24 - 00013784 _____ C:\VEW.txt
    2017-06-26 16:37 - 2017-06-26 16:37 - 00061440 _____ ( ) C:\Users\Maeve\Desktop\VEW.exe
    2017-06-26 15:22 - 2017-06-26 15:22 - 00000993 _____ C:\Users\Maeve\Desktop\JRT.txt
    2017-06-26 15:13 - 2017-06-26 15:13 - 01663672 _____ (Malwarebytes) C:\Users\Maeve\Downloads\JRT.exe
    2017-06-26 14:51 - 2017-06-26 14:51 - 04110280 _____ C:\Users\Maeve\Downloads\AdwCleaner.exe
    2017-06-26 12:05 - 2017-06-26 14:33 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part3.rar
    2017-06-26 12:05 - 2017-06-26 14:14 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part4.rar
    2017-06-26 12:05 - 2017-06-26 13:52 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part5.rar
    2017-06-26 12:05 - 2017-06-26 13:38 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part6.rar
    2017-06-26 12:05 - 2017-06-26 13:21 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part7.rar
    2017-06-26 12:05 - 2017-06-26 12:21 - 1048569000 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part8.rar
    2017-06-26 12:05 - 2017-06-26 12:13 - 131897845 _____ C:\Users\Maeve\Downloads\Unconfirmed 742398.crdownload
    2017-06-26 12:05 - 2017-06-26 12:12 - 223773445 _____ C:\Users\Maeve\Downloads\Unconfirmed 835873.crdownload
    2017-06-26 12:05 - 2017-06-26 12:08 - 73069547 _____ C:\Users\Maeve\Downloads\djik3yh2q0w.part9.rar
    2017-06-26 12:04 - 2017-06-26 12:13 - 194176056 _____ C:\Users\Maeve\Downloads\ftuxpnjrana.part6.rar
    2017-06-26 12:04 - 2017-06-26 12:13 - 184380605 _____ C:\Users\Maeve\Downloads\Unconfirmed 388842.crdownload
    2017-06-26 12:04 - 2017-06-26 12:11 - 186228253 _____ C:\Users\Maeve\Downloads\Unconfirmed 781514.crdownload
    2017-06-26 12:04 - 2017-06-26 12:11 - 168721933 _____ C:\Users\Maeve\Downloads\Unconfirmed 157462.crdownload
    2017-06-26 12:04 - 2017-06-26 12:11 - 160736213 _____ C:\Users\Maeve\Downloads\Unconfirmed 781879.crdownload
    2017-06-26 12:04 - 2017-06-26 12:08 - 55075653 _____ C:\Users\Maeve\Downloads\Unconfirmed 845928.crdownload
    2017-06-26 01:25 - 2017-06-26 11:54 - 00000000 ____D C:\Users\Maeve\Downloads\~~~~~Preacher
    2017-06-26 01:25 - 2017-06-26 11:53 - 00000000 ____D C:\Users\Maeve\Downloads\`````````Power
    2017-06-25 17:05 - 2017-06-26 05:49 - 00000021 _____ C:\Users\Maeve\Desktop\Store.txt
    2017-06-25 02:59 - 2017-06-25 02:59 - 06577082 _____ C:\Users\Maeve\Desktop\MedicareAndYou2017_10050.pdf
    2017-06-24 17:39 - 2017-06-24 19:51 - 00000000 ____D C:\Users\Maeve\Desktop\MEDICARE INFO
    2017-06-24 14:04 - 2017-06-24 14:04 - 00003896 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 ____D C:\ProgramData\SupportAssist
    2017-06-24 07:14 - 2017-06-23 12:50 - 3689471497 _____ C:\Users\Maeve\Downloads\Ripped-1080 WEB.mkv
    2017-06-24 05:25 - 2017-06-24 05:25 - 00135068 _____ C:\Users\Maeve\Desktop\ss-5.pdf
    2017-06-24 05:00 - 2017-06-24 06:57 - 89056749 _____ C:\Users\Maeve\Downloads\The Bad Batch.mkv
    2017-06-24 04:59 - 2017-06-24 06:09 - 765355095 _____ C:\Users\Maeve\Downloads\Dark Matter-Season 3-Episode 4.mkv
    2017-06-23 18:43 - 2017-06-26 18:26 - 00000000 ____D C:\FRST
    2017-06-23 18:42 - 2017-06-26 16:45 - 02441216 _____ (Farbar) C:\Users\Maeve\Desktop\FRST64.exe
    2017-06-23 18:33 - 2017-06-23 18:33 - 00000000 ___HD C:\$SysReset
    2017-06-23 16:58 - 2017-06-23 16:58 - 00673366 _____ C:\Users\Maeve\Desktop\Cheesy Cajun Beef and Potato Bake - Points Recipes.pdf
    2017-06-23 06:18 - 2017-06-23 06:18 - 00000000 ____D C:\Users\Maeve\Desktop\Birthday
    2017-06-23 06:02 - 2017-06-23 06:02 - 00004566 _____ C:\Users\Maeve\Downloads\firstime.mid
    2017-06-23 05:56 - 2017-06-23 06:17 - 00000000 ____D C:\Users\Maeve\Downloads\```````The Mist
    2017-06-23 05:21 - 2017-06-21 07:15 - 3065556789 _____ C:\Users\Maeve\Downloads\Bottom of the World.mkv
    2017-06-23 04:59 - 2017-06-20 11:10 - 3913258075 _____ C:\Users\Maeve\Downloads\The Baby Moon.mkv
    2017-06-23 04:57 - 2017-06-23 04:57 - 00038678 _____ C:\Users\Maeve\Desktop\easypointsww.com-SLOW COOKER LO MEIN.pdf
    2017-06-23 04:35 - 2017-06-20 08:04 - 49125334 _____ C:\Users\Maeve\Downloads\Another Forever.mkv
    2017-06-23 03:00 - 2017-06-22 22:21 - 801562095 _____ C:\Users\Maeve\Downloads\Kong Skull Island.mkv
    2017-06-23 00:22 - 2017-06-23 00:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-23 00:20 - 2017-06-23 00:26 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-22 13:25 - 2017-06-22 13:25 - 00002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
    2017-06-22 13:24 - 2017-06-22 13:25 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2017-06-22 13:24 - 2017-06-22 13:24 - 00000000 ____D C:\Program Files\Dell Support Center
    2017-06-22 02:43 - 2017-06-22 03:34 - 1275647472 _____ C:\Users\Maeve\Downloads\Queen Sugar-Season 2-Episode 1.mkv
    2017-06-21 18:38 - 2017-06-21 18:38 - 00070098 _____ C:\Users\Maeve\Desktop\Simple Salisbury Steak.pdf
    2017-06-20 22:24 - 2017-06-20 23:10 - 917984896 _____ C:\Users\Maeve\Downloads\Riviera-Season 1-Episode 1.mkv
    2017-06-20 22:20 - 2017-06-20 22:40 - 1310157562 _____ C:\Users\Maeve\Downloads\Animal Kingdom-Season 2-Episode 4.mkv
    2017-06-20 22:14 - 2017-06-20 07:17 - 63778458 _____ C:\Users\Maeve\Downloads\Heritage Falls-1080 WEB.mkv
    2017-06-20 20:55 - 2017-06-20 08:09 - 1673869735 _____ C:\Users\Maeve\Downloads\Brightest Star-1080 WEB.mkv
    2017-06-20 17:44 - 2017-06-20 10:56 - 3893111416 _____ C:\Users\Maeve\Downloads\Camera Store-1080 WEB.mkv
    2017-06-20 15:08 - 2017-06-20 21:44 - 458789850 _____ C:\Users\Maeve\Downloads\The Dinner-1080 WEB.mkv
    2017-06-20 03:59 - 2017-06-20 13:37 - 1975885469 _____ C:\Users\Maeve\Downloads\The Zoo Keepers Wife.mkv
    2017-06-20 02:28 - 2017-06-20 02:48 - 1082834064 _____ C:\Users\Maeve\Downloads\Stitchers-Season 3-Episode 3.mkv
    2017-06-19 21:33 - 2017-06-20 04:01 - 3381463342 _____ C:\Users\Maeve\Downloads\All About The Money-1080 WEB.mkv
    2017-06-19 21:09 - 2017-06-19 21:09 - 00075877 _____ C:\Users\Maeve\Desktop\CJs Toll Charge.pdf
    2017-06-19 16:29 - 2017-06-19 16:29 - 00000997 _____ C:\Users\Maeve\Desktop\Glenn-Premier Lawn...Msg him.txt
    2017-06-19 08:08 - 2017-06-19 08:31 - 3166527857 _____ C:\Users\Maeve\Downloads\The Crash-1080 WEB.mkv
    2017-06-19 07:55 - 2017-06-18 15:00 - 4146447296 _____ C:\Users\Maeve\Downloads\Chronically Metropolitan.mkv
    2017-06-19 05:07 - 2017-06-19 05:07 - 01407732 _____ C:\Users\Maeve\Desktop\GBSL16.pdf
    2017-06-18 11:08 - 2017-06-18 11:09 - 00000000 ____D C:\Users\Maeve\Desktop\Trip Stuff
    2017-06-18 06:46 - 2017-06-23 07:57 - 00000405 _____ C:\Users\Maeve\Desktop\To WA.txt
    2017-06-17 16:07 - 2017-06-17 11:39 - 1968093830 _____ C:\Users\Maeve\Downloads\Song To Song.mkv
    2017-06-17 12:29 - 2017-06-17 12:48 - 563204828 _____ C:\Users\Maeve\Downloads\Kingdom-Season 3-Episode 3.mp4
    2017-06-17 12:28 - 2017-06-17 13:07 - 514946118 _____ C:\Users\Maeve\Downloads\Kingdom-Season 3-Episode 2.mp4
    2017-06-17 06:10 - 2017-06-17 06:10 - 00107501 _____ C:\Users\Maeve\Desktop\CJs Duke Energy-July Bill.pdf
    2017-06-15 15:38 - 2017-06-15 15:52 - 1160612070 _____ C:\Users\Maeve\Downloads\House.Husbands.S05E11.1080p.HDTV.H264-CBFM.mkv
    2017-06-13 22:07 - 2017-06-03 02:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-06-13 22:07 - 2017-06-03 02:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-06-13 17:27 - 2017-06-13 17:27 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2017-06-13 17:22 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-13 17:22 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-13 17:22 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-13 17:22 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-13 17:22 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-13 17:22 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-13 17:22 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-13 17:22 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-13 17:22 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-13 17:22 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-13 17:22 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-13 17:22 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-13 17:22 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-13 17:22 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-13 17:22 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-13 17:22 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-13 17:22 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-13 17:22 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-13 17:22 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-13 17:22 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-13 17:22 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-13 17:22 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-13 17:22 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-13 17:22 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-13 17:22 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-13 17:22 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-13 17:22 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-13 17:22 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-13 17:22 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-13 17:22 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-13 17:22 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-13 17:22 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-13 17:22 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-13 17:22 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-13 17:22 - 2017-05-20 05:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-06-13 17:22 - 2017-05-20 04:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-06-13 17:22 - 2017-05-20 04:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-06-13 17:22 - 2017-05-20 04:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-06-13 17:22 - 2017-05-20 04:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-06-13 17:22 - 2017-05-20 04:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-06-13 17:22 - 2017-05-20 04:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-06-13 17:22 - 2017-05-20 04:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-13 17:22 - 2017-05-20 04:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-06-13 17:22 - 2017-05-20 04:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-06-13 17:22 - 2017-05-20 04:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-06-13 17:22 - 2017-05-20 04:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-06-13 17:22 - 2017-05-20 04:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-06-13 17:22 - 2017-05-20 04:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-06-13 17:22 - 2017-05-20 04:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-06-13 17:22 - 2017-05-20 04:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
    2017-06-13 17:22 - 2017-05-20 04:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-06-13 17:22 - 2017-05-20 04:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
    2017-06-13 17:22 - 2017-05-20 04:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2017-06-13 17:22 - 2017-05-20 04:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-06-13 17:22 - 2017-05-20 04:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-06-13 17:22 - 2017-05-20 04:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-06-13 17:22 - 2017-05-20 04:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2017-06-13 17:22 - 2017-05-20 04:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-06-13 17:22 - 2017-05-20 04:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-06-13 17:22 - 2017-05-20 04:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-06-13 17:22 - 2017-05-20 04:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
    2017-06-13 17:22 - 2017-05-20 04:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-06-13 17:22 - 2017-05-20 04:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-06-13 17:22 - 2017-05-20 04:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-06-13 17:22 - 2017-05-20 04:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-06-13 17:22 - 2017-05-20 04:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-06-13 17:22 - 2017-05-20 04:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2017-06-13 17:22 - 2017-05-20 04:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-06-13 17:22 - 2017-05-20 04:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-06-13 17:22 - 2017-05-20 04:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-06-13 17:22 - 2017-05-20 04:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-06-13 17:22 - 2017-05-20 04:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-06-13 17:22 - 2017-05-20 04:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-06-13 17:22 - 2017-05-20 04:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2017-06-13 17:22 - 2017-05-20 04:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-06-13 17:22 - 2017-05-20 04:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2017-06-13 17:22 - 2017-05-20 04:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-06-13 17:22 - 2017-05-20 04:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-06-13 17:22 - 2017-05-20 04:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-06-13 17:22 - 2017-05-20 04:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-06-13 17:22 - 2017-05-20 04:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-06-13 17:22 - 2017-05-20 04:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-06-13 17:22 - 2017-05-20 04:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-06-13 17:22 - 2017-05-20 04:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2017-06-13 17:22 - 2017-05-20 04:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-06-13 17:22 - 2017-05-20 04:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-06-13 17:20 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-13 17:20 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-13 17:20 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-13 17:20 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-13 17:20 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-13 17:20 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-13 17:20 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-13 17:20 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-13 17:20 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-13 17:20 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-13 17:20 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-13 17:20 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-13 17:20 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-13 17:20 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-13 17:20 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-13 17:20 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-13 17:20 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-13 17:20 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-13 17:20 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-13 17:20 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-13 17:20 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-13 17:20 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-13 17:20 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-13 17:20 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-13 17:20 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-13 17:20 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-13 17:20 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-13 17:20 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-13 17:20 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-13 17:20 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-13 17:20 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-13 17:20 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-13 17:20 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-13 17:20 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-13 17:20 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-13 17:20 - 2017-05-20 03:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-06-13 17:20 - 2017-05-20 02:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2017-06-13 17:20 - 2017-05-20 02:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-06-13 17:20 - 2017-05-20 02:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-06-13 17:20 - 2017-05-20 02:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-06-13 17:20 - 2017-05-20 02:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-13 17:20 - 2017-05-20 02:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-06-13 17:20 - 2017-05-20 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-13 17:20 - 2017-05-20 02:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-06-13 17:20 - 2017-05-20 02:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-06-13 17:20 - 2017-05-20 02:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-06-13 17:20 - 2017-05-20 02:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
    2017-06-13 17:20 - 2017-05-20 02:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-06-13 17:20 - 2017-05-20 02:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-06-13 17:20 - 2017-05-20 02:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-06-13 17:20 - 2017-05-20 02:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
    2017-06-13 17:20 - 2017-05-20 02:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
    2017-06-13 17:20 - 2017-05-20 02:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
    2017-06-13 17:20 - 2017-05-20 02:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-06-13 17:20 - 2017-05-20 02:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2017-06-13 17:20 - 2017-05-20 02:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
    2017-06-13 17:20 - 2017-05-20 02:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-06-13 17:20 - 2017-05-20 02:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-06-13 17:20 - 2017-05-20 02:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-06-13 17:20 - 2017-05-20 02:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
    2017-06-13 17:20 - 2017-05-20 02:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-06-13 17:20 - 2017-05-20 02:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-06-13 17:20 - 2017-05-20 02:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-06-13 17:20 - 2017-05-20 02:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-06-13 17:20 - 2017-05-20 02:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2017-06-13 17:20 - 2017-05-20 02:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-06-13 17:20 - 2017-05-20 01:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2017-06-13 17:20 - 2017-05-20 01:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2017-06-13 17:20 - 2017-05-20 01:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-06-13 17:20 - 2017-05-20 01:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-06-13 17:20 - 2017-05-20 01:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-06-13 17:20 - 2017-05-20 01:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-06-13 17:20 - 2017-05-20 01:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-06-13 17:20 - 2017-05-20 01:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-06-13 17:20 - 2017-05-20 01:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-06-13 17:20 - 2017-05-20 01:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-06-13 17:20 - 2017-05-20 01:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-06-13 17:20 - 2017-05-20 01:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-06-13 17:20 - 2017-05-20 01:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-06-13 17:20 - 2017-05-20 01:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-06-13 17:20 - 2017-05-20 01:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2017-06-13 17:20 - 2017-05-20 01:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-06-13 17:19 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-13 17:19 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-13 17:19 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-13 17:19 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-13 17:19 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-13 17:19 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-13 17:19 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-13 17:19 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-13 17:19 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-13 17:19 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-13 17:19 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-13 17:19 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-13 17:19 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-13 17:19 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-13 17:19 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-13 17:19 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-13 17:19 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-13 17:19 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-13 17:19 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-13 17:19 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 17:19 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-13 17:19 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-13 17:19 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-13 17:19 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-13 17:19 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-13 17:19 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-13 17:19 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-13 17:19 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-13 17:19 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-13 17:19 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-13 17:19 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-13 17:19 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-13 17:19 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-13 17:19 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-13 17:19 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-13 17:19 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-13 17:19 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-13 17:19 - 2017-05-20 03:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-13 17:19 - 2017-05-20 03:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-13 17:19 - 2017-05-20 03:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-06-13 17:19 - 2017-05-20 02:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2017-06-13 17:19 - 2017-05-20 02:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-13 17:19 - 2017-05-20 02:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-06-13 17:19 - 2017-05-20 02:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-06-13 17:19 - 2017-05-20 02:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-06-13 17:19 - 2017-05-20 02:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-13 17:19 - 2017-05-20 02:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-06-13 17:19 - 2017-05-20 02:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-06-13 17:19 - 2017-05-20 02:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-06-13 17:19 - 2017-05-20 02:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2017-06-13 17:19 - 2017-05-20 02:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-06-13 17:19 - 2017-05-20 02:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-06-13 17:19 - 2017-05-20 02:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-06-13 17:19 - 2017-05-20 02:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-06-13 17:19 - 2017-05-20 02:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-06-13 17:19 - 2017-05-20 02:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-06-13 17:19 - 2017-05-20 02:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-06-13 17:19 - 2017-05-20 02:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-06-13 17:19 - 2017-05-20 02:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
    2017-06-13 17:19 - 2017-05-20 02:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-06-13 17:19 - 2017-05-20 02:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-06-13 17:19 - 2017-05-20 02:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-06-13 17:19 - 2017-05-20 02:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2017-06-13 17:19 - 2017-05-20 02:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
    2017-06-13 17:19 - 2017-05-20 02:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-06-13 17:19 - 2017-05-20 02:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-06-13 17:19 - 2017-05-20 02:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2017-06-13 17:19 - 2017-05-20 02:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-06-13 17:19 - 2017-05-20 02:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-06-13 17:19 - 2017-05-20 02:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
    2017-06-13 17:19 - 2017-05-20 02:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-06-13 17:19 - 2017-05-20 02:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2017-06-13 17:19 - 2017-05-20 02:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-06-13 17:19 - 2017-05-20 02:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-06-13 17:19 - 2017-05-20 02:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
    2017-06-13 17:19 - 2017-05-20 02:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-06-13 17:19 - 2017-05-20 02:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-06-13 17:19 - 2017-05-20 01:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-06-13 17:19 - 2017-05-20 01:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2017-06-13 17:19 - 2017-05-20 01:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-06-13 17:19 - 2017-05-20 01:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-06-13 17:19 - 2017-05-20 01:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-06-13 17:19 - 2017-05-20 01:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2017-06-13 17:19 - 2017-05-20 01:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2017-06-13 17:19 - 2017-05-20 01:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-06-13 17:19 - 2017-05-20 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-06-13 17:19 - 2017-05-20 01:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-06-13 17:19 - 2017-05-20 01:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-06-13 17:19 - 2017-05-20 01:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-06-13 17:19 - 2017-05-20 01:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-06-13 17:19 - 2017-05-20 01:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-06-13 17:19 - 2017-05-20 01:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-06-13 17:19 - 2017-05-20 01:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-06-13 17:19 - 2017-05-20 01:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-06-13 17:19 - 2017-05-20 01:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2017-06-13 17:19 - 2017-05-20 01:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2017-06-13 17:19 - 2017-05-20 01:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-06-13 17:19 - 2017-05-20 01:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2017-06-10 21:41 - 2017-06-10 21:42 - 00000000 ____D C:\Users\Maeve\Downloads\``````Ancel
    2017-06-06 03:29 - 2017-06-07 03:58 - 00001307 _____ C:\Users\Maeve\Desktop\ConvertXToDVD 7.lnk
    2017-06-05 18:27 - 2017-06-26 11:53 - 00000000 ____D C:\Users\Maeve\Downloads\~~~~~~~~~~~~~~~~~~~~Fear The Walking Dead
    2017-05-30 05:25 - 2017-05-30 05:25 - 00122281 _____ C:\Users\Maeve\Desktop\LabCorp_ Patient Appointment Scheduling.pdf
    2017-05-28 05:01 - 2017-05-28 05:01 - 00000000 ____D C:\Users\Maeve\AppData\Local\PDFConverter.com
    2017-05-28 05:00 - 2017-05-28 05:00 - 00000000 ____D C:\Program Files\PDFConverter.com
    2017-05-27 14:43 - 2017-06-19 12:31 - 00000000 ____D C:\Users\Maeve\Desktop\Recipes
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-06-26 18:22 - 2015-05-14 20:44 - 00000000 ____D C:\Users\Maeve\AppData\Local\CrashDumps
    2017-06-26 18:21 - 2017-04-16 12:07 - 00000000 ____D C:\Users\Maeve
    2017-06-26 18:15 - 2017-04-16 12:28 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B3E2B97-14BB-45C1-9A64-75BFAEB1DA02}
    2017-06-26 17:53 - 2017-04-16 12:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-06-26 16:10 - 2017-04-16 12:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-06-26 16:10 - 2015-05-14 14:47 - 00000000 __SHD C:\Users\Maeve\IntelGraphicsProfiles
    2017-06-26 16:09 - 2017-04-16 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-06-26 16:09 - 2017-03-18 07:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI
    2017-06-26 15:50 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-26 15:07 - 2015-10-14 00:44 - 00000000 ____D C:\AdwCleaner
    2017-06-26 14:49 - 2015-10-14 00:28 - 00000000 ____D C:\Users\Maeve\AppData\Local\JDownloader v2.0
    2017-06-26 14:47 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-06-26 14:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-06-26 12:32 - 2015-07-16 05:27 - 00000000 ____D C:\Users\Maeve\Desktop\```Maeve
    2017-06-26 11:52 - 2015-05-18 01:24 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\vlc
    2017-06-26 11:49 - 2015-09-22 05:55 - 00000000 ____D C:\Users\Maeve\Downloads\``Family Stuff
    2017-06-26 11:48 - 2015-12-22 02:38 - 00000000 ____D C:\Users\Maeve\Documents\ConvertXToDVD
    2017-06-26 11:45 - 2015-12-23 10:37 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\dvdcss
    2017-06-25 07:17 - 2017-05-06 19:34 - 00000000 ____D C:\Users\Maeve\Desktop\Maeve
    2017-06-25 07:04 - 2017-02-08 09:43 - 00000000 ____D C:\Users\Maeve\AppData\LocalLow\Mozilla
    2017-06-24 14:03 - 2015-01-31 08:14 - 00000000 ____D C:\Program Files\Dell
    2017-06-24 10:18 - 2015-09-17 19:20 - 00000000 ____D C:\Users\Maeve\Downloads\````CJ````
    2017-06-24 01:26 - 2015-01-31 08:24 - 00000000 ____D C:\ProgramData\PCDr
    2017-06-23 18:34 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-23 02:12 - 2017-04-16 12:22 - 01023996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-23 02:07 - 2015-10-14 01:08 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-06-23 01:18 - 2016-09-10 06:42 - 00000000 ____D C:\Program Files (x86)\HSoftware
    2017-06-23 01:18 - 2015-01-31 08:24 - 00000000 ____D C:\Program Files (x86)\Amazon
    2017-06-22 13:25 - 2015-01-31 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2017-06-22 06:24 - 2017-04-16 12:28 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-22 06:24 - 2015-07-31 12:47 - 00002365 _____ C:\Users\Maeve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-22 06:24 - 2015-05-14 14:52 - 00000000 ___RD C:\Users\Maeve\OneDrive
    2017-06-21 18:25 - 2015-12-16 08:57 - 00000000 ____D C:\Users\Maeve\Downloads\``Cash And Royal
    2017-06-15 18:34 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-13 22:08 - 2015-05-14 16:20 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-13 22:05 - 2017-04-16 12:01 - 00414392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-13 22:04 - 2015-07-29 18:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-13 22:04 - 2015-07-29 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-06-13 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-06-13 17:38 - 2015-05-15 19:54 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-13 17:34 - 2015-05-15 19:54 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-13 17:30 - 2015-07-29 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-07 03:58 - 2015-12-22 02:38 - 00099384 _____ C:\Users\Maeve\AppData\Roaming\inst.exe
    2017-06-07 03:58 - 2015-12-22 02:38 - 00082816 _____ (VSO Software) C:\Users\Maeve\AppData\Roaming\pcouffin.sys
    2017-06-07 03:58 - 2015-12-22 02:38 - 00007859 _____ C:\Users\Maeve\AppData\Roaming\pcouffin.cat
    2017-06-07 03:58 - 2015-12-22 02:38 - 00000000 ____D C:\Users\Maeve\AppData\Roaming\Vso
    2017-06-06 03:29 - 2015-12-22 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
    2017-05-31 18:42 - 2015-08-24 22:22 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-05-30 09:11 - 2015-05-14 14:48 - 00000000 ____D C:\Users\Maeve\AppData\Local\VirtualStore
     
    ==================== Files in the root of some directories =======
     
    2015-12-22 02:38 - 2017-06-07 03:58 - 0099384 _____ () C:\Users\Maeve\AppData\Roaming\inst.exe
    2015-12-22 02:38 - 2017-06-07 03:58 - 0007859 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.cat
    2015-12-22 02:38 - 2017-06-07 03:58 - 0001167 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.inf
    2015-12-22 02:38 - 2017-06-07 03:58 - 0000055 _____ () C:\Users\Maeve\AppData\Roaming\pcouffin.log
    2015-12-22 02:38 - 2017-06-07 03:58 - 0082816 _____ (VSO Software) C:\Users\Maeve\AppData\Roaming\pcouffin.sys
    2016-01-23 12:55 - 2016-01-23 12:55 - 0000057 _____ () C:\ProgramData\Ament.ini
    2017-04-16 12:04 - 2017-04-16 12:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-12-18 17:05 - 2017-01-08 19:58 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-01-31 08:13 - 2015-01-31 08:14 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2015-01-31 08:10 - 2015-01-31 08:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2015-01-31 08:11 - 2015-01-31 08:12 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2015-01-31 08:12 - 2015-01-31 08:13 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2015-01-31 08:09 - 2015-01-31 08:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
     
    Some files in TEMP:
    ====================
    2017-06-06 10:22 - 2017-06-06 10:22 - 0006144 _____ () C:\Users\Maeve\AppData\Local\Temp\-zqz5by2.dll
    2017-06-06 13:47 - 2017-06-06 13:47 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Maeve\AppData\Local\Temp\COMAP.EXE
    2017-06-23 00:20 - 2017-03-18 16:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Maeve\AppData\Local\Temp\dllnt_dump.dll
    2017-06-09 03:50 - 2017-06-09 03:50 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\du6otcsn.dll
    2017-04-28 15:29 - 2017-04-28 15:29 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\earotdjf.dll
    2017-06-26 14:48 - 2017-06-26 14:48 - 0040448 _____ () C:\Users\Maeve\AppData\Local\Temp\proxy_vole4464884431872461550.dll
    2017-05-06 19:17 - 2017-05-06 19:17 - 0006144 _____ () C:\Users\Maeve\AppData\Local\Temp\s2voxetp.dll
    2017-06-22 21:39 - 2017-06-22 21:39 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\tfg_u3s6.dll
    2017-05-11 05:41 - 2017-05-11 05:41 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\vmcfiv8e.dll
    2017-04-21 05:25 - 2017-04-21 05:25 - 0000000 _____ () C:\Users\Maeve\AppData\Local\Temp\vwvp5kcg.dll
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-06-17 12:45
     
    ==================== End of FRST.txt ============================
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
    Ran by Maeve (26-06-2017 18:27:26)
    Running from C:\Users\Maeve\Desktop
    Windows 10 Home Version 1703 (X64) (2017-04-16 16:38:18)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1947456416-407860107-2531499371-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1947456416-407860107-2531499371-503 - Limited - Disabled)
    Guest (S-1-5-21-1947456416-407860107-2531499371-501 - Limited - Disabled)
    Maeve (S-1-5-21-1947456416-407860107-2531499371-1001 - Administrator - Enabled) => C:\Users\Maeve
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\Amazon Kindle) (Version:  - Amazon)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
    Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
    Dell SupportAssistAgent (HKLM\...\{E1B18D9E-1B56-4E75-A58C-B31B46CE630C}) (Version: 2.0.0.186 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.39 - PC Drivers HeadQuarters LP) <==== ATTENTION
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    Facebook Games Arcade 0.10.0.1 (HKLM-x32\...\{3B0B9D77-F8F9-46E8-99B0-E874B4E500E5}) (Version: 0.10.0.1 - Facebook)
    Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
    IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    MakeMKV v1.9.5 (HKLM-x32\...\MakeMKV) (Version: v1.9.5 - GuinpinSoft inc)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    True Color (HKLM-x32\...\{d3c1120e-12a0-45ac-ad51-e255f518ce24}) (Version: 5.0.0.6 - Entertainment Experience)
    True Color (Version: 5.0.0.6 - Entertainment Experience LLC) Hidden
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.40 - VSO Software)
    VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.40 - VSO Software)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {02934A23-D261-44A6-B524-3C3061CCE928} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
    Task: {0785B6BE-6D78-4430-BD2B-99382C34C12A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-13] (Microsoft Corporation)
    Task: {0E120543-7402-4EA3-8305-CD7D89465D79} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
    Task: {111440B4-8E33-46BE-AB39-17FABA113251} - System32\Tasks\{CAFD31E7-4AB6-4CE7-97E9-F7B5A429B83B} => pcalua.exe -a C:\WINDOWS\8a24a6a8eb4bc08f0ffb883ccf7058b1.exe
    Task: {1AE11787-6432-4132-94C7-E77520C564F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {2117462C-2CAB-4249-82CB-73814E8A934B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {21AFFB76-EBC8-46E0-879E-91976EDA9348} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {22534896-3061-4F8B-ADA9-B797EB961276} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {2DFC5523-E1D4-413F-A9ED-C2AE3BBA6F41} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-11] (Realtek Semiconductor)
    Task: {334FE433-3A3E-48A2-9F31-45F999DADA43} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3E6AA491-06B8-4AB7-9E62-27C9CEFF690E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {3F777521-E484-4F64-B385-21B2C498019B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
    Task: {471A0CB5-F6A0-416E-8628-6323788FBEEF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {4780B6F0-588D-4BD7-B65F-5117442F163C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {4A751304-9483-4261-9BDF-E6AD18F09BA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
    Task: {4E6BF1C0-DE22-4DFD-8D86-6018A77F6CD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {58C7E33C-57E5-46DD-9F5C-6D49721B91C6} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
    Task: {61B73F96-25AF-4894-9468-42FEA43616DC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {63CE90EF-D4FF-4106-A4BC-7D5CA12CC58D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {6C91361C-6E9F-449A-B94B-784246C41F3F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-21] (Dell Inc.)
    Task: {76064295-D75E-4FD2-BCBB-B30A4A611382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8EC0E902-0A37-4E69-BF18-C165A79F18C9} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2017-02-22] (PC Drivers Headquarters LP)
    Task: {972605B5-7476-4991-BE27-BFEEEC0D1433} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {A15EC496-9303-42D3-9A2B-C29125301C60} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
    Task: {A706E4FD-3A08-41E2-BB66-AAFE212ECFF1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B5FDD850-1E85-4E23-A2A8-61C46ABC65D6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B6993990-7687-4E33-BB80-FEE1F152C888} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {BE712FA8-8E56-4E9F-B6F4-564C712D82E0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {C6FDB1C4-DC25-456B-AD6E-07564197BB1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
    Task: {D0065951-B719-4DD0-8CE3-A7FC3370F68D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {DF18E3D0-F886-4561-9125-636AA9960CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {DF6487CC-0FEC-40F3-84A0-20556F686B97} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E8637912-1218-4357-B2C1-DE746278D94E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {F18EFEFF-5FE3-4B67-AE93-A465C10C248E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {F23935FE-9395-4199-8EA5-2CF18E9C16DF} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
    Task: {F855FB01-C4B4-4469-B7EA-8DEAB37D5595} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {FF3DDCC3-3AA8-482E-9D14-603AE30596E9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
    Task: {FF9A2FCC-703A-4630-9B47-223F1451F8FC} - \WPD\SqmUpload_S-1-5-21-1947456416-407860107-2531499371-1001 -> No File <==== ATTENTION
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation Services WORKGROUP MAEVE
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2014-02-10 15:17 - 2014-02-10 15:17 - 00466944 _____ () C:\WINDOWS\system32\DPPPlugin.dll
    2014-10-17 16:16 - 2014-10-17 16:16 - 00093648 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
    2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2017-02-16 01:21 - 2017-02-16 01:21 - 00410616 _____ () C:\WINDOWS\system32\igfxTray.exe
    2016-07-28 18:11 - 2016-07-28 18:11 - 00042928 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
    2017-05-15 20:08 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
    2017-05-15 20:08 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
    2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2016-04-29 08:55 - 2016-04-29 08:55 - 01028608 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.Core.dll
    2016-04-29 08:55 - 2016-04-29 08:55 - 56718848 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libcef.dll
    2015-01-31 08:10 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 15:41 - 2013-03-05 15:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-04-29 08:55 - 2016-04-29 08:55 - 00688640 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
    2016-04-29 08:55 - 2016-04-29 08:55 - 02127872 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libglesv2.dll
    2016-04-29 08:55 - 2016-04-29 08:55 - 00075776 _____ () C:\Users\Maeve\AppData\Local\Facebook\Games\libegl.dll
    2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
    2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2014-09-03 15:03 - 2014-09-03 15:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-1947456416-407860107-2531499371-1001\...\driversupport.com -> hxxps://apps.driversupport.com
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 09:25 - 2015-10-25 20:15 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1947456416-407860107-2531499371-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maeve\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5f181232-3ee7-445c-97b9-f908435979d2}.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{984A5C38-7813-4056-B46D-07CFEC8B78CC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{D5422E07-AAFB-40AD-8B00-395928B9CF2B}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{ED200A4C-76F1-4719-A94F-7F06C32FF538}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{DC025BF8-E668-49A7-BAC3-91D8AB870FBA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{7EBCFF1F-8A7A-4CE6-B1E5-7182D6719151}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{FBD12E40-EA25-4A74-983B-E6010777CD5F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{889F598C-0FF2-45DB-8502-4E09A927906E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{EB98A878-2F19-4FC5-8312-D1F3DF59EB60}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{6ED4C7D4-4FCB-4422-8984-013B3B8BBBB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{32ED0146-1779-47E7-A680-F4914201F850}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D288403E-8316-4CA6-AB9B-A9018C05E691}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{A5D767FD-A565-469A-9C94-E53882A51258}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [UDP Query User{E75F7BEB-00A1-4415-BA28-0A9CD3618C38}C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [TCP Query User{9DEAD310-B9D8-4194-941F-C1E5C80AFC23}C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\maeve\appdata\local\jdownloader v2.0\jdownloader2.exe
    FirewallRules: [{7065D69C-EF49-4522-93F1-2F736639B2DF}] => (Block) C:\mirc\mirc.exe
    FirewallRules: [{9B4DFDCD-68DF-4854-88B3-0C0D45633ADA}] => (Block) C:\mirc\mirc.exe
    FirewallRules: [UDP Query User{C42B3182-B98E-47E9-95CE-BD410B999F8F}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe
    FirewallRules: [TCP Query User{89C281BE-C300-409E-8776-C389EFAF2E8F}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe
    FirewallRules: [{0ADE35FE-5B1E-48B6-BCE0-57A41171AA17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{062568B6-2E0C-4DD9-900F-437E3FC2C683}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{8113973F-A467-4CFF-A5F6-D894BC4C4B94}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [TCP Query User{31738010-F4BC-4C0A-AC3C-F8D6262D072C}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe
    FirewallRules: [{3CBA7E9F-8F97-4721-A423-D32598EE7AEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    09-06-2017 13:37:29 Scheduled Checkpoint
    13-06-2017 17:24:18 Windows Update
    22-06-2017 00:06:39 Scheduled Checkpoint
    26-06-2017 15:17:24 JRT Pre-Junkware Removal
    26-06-2017 15:20:06 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (06/26/2017 06:24:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:22:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:22:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app DellInc.DellShop_htrsf667h5kn2!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wwahost.exe, version: 10.0.15063.0, time stamp: 0x7db1d7ee
    Faulting module name: wwahost.exe, version: 10.0.15063.0, time stamp: 0x7db1d7ee
    Exception code: 0xc0000409
    Fault offset: 0x000000000004ea04
    Faulting process id: 0x23cc
    Faulting application start time: 0x01d2eecab889f229
    Faulting application path: C:\WINDOWS\system32\wwahost.exe
    Faulting module path: C:\WINDOWS\system32\wwahost.exe
    Report Id: 48a048b7-5e1d-4431-930b-2ebb2feea12a
    Faulting package full name: DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2
    Faulting package-relative application ID: App
     
    Error: (06/26/2017 06:21:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.StickyNotes.exe, version: 1.8.0.0, time stamp: 0x58d88b40
    Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
    Exception code: 0x00031288
    Fault offset: 0x000000000041cf48
    Faulting process id: 0x21dc
    Faulting application start time: 0x01d2eeca90b66d84
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
    Report Id: 66938292-058c-4b62-b911-940d70a75c54
    Faulting package full name: Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
     
    Error: (06/26/2017 06:09:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:09:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Music.UI.exe, version: 10.17042.1411.0, time stamp: 0x5926a8fc
    Faulting module name: Music.UI.exe, version: 10.17042.1411.0, time stamp: 0x5926a8fc
    Exception code: 0xc000027b
    Fault offset: 0x0000000001124f17
    Faulting process id: 0x1608
    Faulting application start time: 0x01d2eec8e7b28450
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
    Report Id: 62349648-c9da-441f-a90f-e205190bdfa9
    Faulting package full name: Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.ZuneMusic
     
    Error: (06/26/2017 06:08:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAEVE)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (06/26/2017 06:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1706.13001, time stamp: 0x594028ed
    Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
    Exception code: 0x00031288
    Fault offset: 0x000000000041cf48
    Faulting process id: 0x1e38
    Faulting application start time: 0x01d2eec8b3de6034
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
    Report Id: 0d1c3686-39d6-471d-8628-2ba907704df2
    Faulting package full name: Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
     
     
    System errors:
    =============
    Error: (06/26/2017 06:24:40 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:22:43 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:22:42 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:21:35 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe!App did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:09:42 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe!Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:08:13 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:07:41 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:07:41 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 06:07:39 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Error: (06/26/2017 05:58:11 PM) (Source: DCOM) (EventID: 10010) (User: MAEVE)
    Description: The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-06-26 12:48:42.363
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-23 13:13:12.186
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-21 21:07:46.845
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-17 03:40:16.933
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-14 12:58:10.030
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-10 13:37:48.349
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-09 12:53:00.238
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-07 14:46:26.777
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-06 14:08:17.050
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-06-04 16:14:40.433
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
    Percentage of memory in use: 43%
    Total physical RAM: 8103.66 MB
    Available physical RAM: 4609.01 MB
    Total Virtual: 9383.66 MB
    Available Virtual: 5718.21 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:920.61 GB) (Free:583.71 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 9021422C)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================
     
     
     
     

    • 0

    #4
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    I think we need to try 
    Windows Repair all in one
     
     
    Download it and save it then run it.
     
    You can skip to step 4 or 5 where it gives you the same picture as in the above link.
     
    Make sure all of these are checked before hitting Start: (others may be left checked.  Won't hurt anything just takes a bit longer)
     
    Reset Registry Permissions
    Reset File Permissions
    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Remove Policies Set By Infections
    Remove Temp Files
    Repair Proxy Settings
    Unhide Non System Files
    Repair Windows Updates
     
    Reboot when done and run VEW again as before.

    • 0

    #5
    UneekOne


      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Vino's Event Viewer v01c run on Windows 7 in English
    Report run at 26/06/2017 6:24:50 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 6:36:42 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 26/06/2017 9:50:37 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 09/06/2017 8:13:43 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 21/05/2017 2:32:14 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    Log: 'System' Date/Time: 19/04/2017 8:30:36 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 10:24:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:22:43 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:22:42 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:21:35 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe!App did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:09:42 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe!Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:08:13 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:41 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:41 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 10:07:39 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:58:11 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:54:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:54:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:40:48 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:39:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:39:39 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:34:12 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2!App.AppXjmnhxbefnbn0ghxeqxhfy9zttcep5b23.wwa did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:34:11 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:26:58 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:24:44 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
     
    Log: 'System' Date/Time: 26/06/2017 9:24:40 PM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c!App.AppXqyavmwfn2qb1we78b13p1jxa713b16t1.mca did not register with DCOM within the required timeout.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:10:45 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 8:09:40 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 8:09:34 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:10:02 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 7:08:57 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 7:08:51 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:38:05 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 6:37:03 PM
    Type: Warning Category: 0
    Event: 34 Source: BTHUSB
    The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
     
    Log: 'System' Date/Time: 26/06/2017 6:36:54 PM
    Type: Warning Category: 0
    Event: 1 Source: rt640x64
    Realtek PCIe FE Family Controller is disconnected from network.
     
    Log: 'System' Date/Time: 26/06/2017 9:52:01 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
     
    Log: 'System' Date/Time: 26/06/2017 9:52:01 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

    • 0

    #6
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I don't see any new errors.  How is it running now?  Are you still getting popups?  Start button, Search, Sound?


    • 0

    #7
    UneekOne


      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    It's running much better - no popups - start button works - sound works - search is back.

     

    Windows keeps resetting my default apps (example: Chrome to Microsoft Edge)

     

    Other than that all seems fine.


    • 0

    #8
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Common problem with Edge.  Appears to be related to not using a Microsoft account to log in.  See:

     

    http://www.winhelpon...ing-windows-10/

     

    Does that help?


    • 0

    #9
    UneekOne


      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    Yes it helps - everything seems back in order.

     

    Thank you so very much for your help RKinner.

    I truly appreciate it.


    • 0

    #10
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Time to clean up:
     
    If we installed Speccy it needs to be uninstalled.  Ditto for Windows Repair All In One.   Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox then get the Ublock Origin  Add-on from https://www.ublock.org/.  For IE go to adblockplus.org  and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.  You can run it any time that Chrome/Firefox seems slow starting.
     
    To prevent a relatively new phishing attack:  In Firefox, type:
     
    about:config
     
    in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
     
    puny
     
    You should only get one option:
    network.IDN_show_punycode
    We want it to say True but by default it is False so double click on it to toggle from False to True.
    Close and restart Firefox.
     
    To test it you can go to:
     
     
    If the value is false you will see https://www.apple.com instead of the correct value
     
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)

    • 0
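
    What the network.IDN_show_punycode setting in the post above changes, as an added example (not part of the original post or of any tool named in this thread): the script turns an internationalized hostname into the xn-- form the address bar shows once the setting is True, and flags labels that use non-Latin or mixed scripts. The lookalike table, the function names and the sample hostnames are constructed for illustration, and the conversion skips the full IDNA normalization rules.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin letters.
# The real Unicode confusables data is far larger; this is an assumption
# made to keep the example short.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}


def label_to_ascii(label):
    """Return the ASCII form of one hostname label (xn-- prefix if needed)."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def label_to_unicode(label):
    """Decode an xn-- label back to the characters a browser would render."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def host_to_ascii(host):
    """What the address bar shows when punycode display is enabled."""
    return ".".join(label_to_ascii(part) for part in host.split("."))


def scripts(label):
    """Set of script names used by the letters of a label."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared by all scripts
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def skeleton(label):
    """Replace known lookalike letters with the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label.lower())


def assess(host, watched):
    """Classify a hostname against a set of ASCII hostnames the user trusts.

    Accepts either the Unicode or the xn-- spelling of the host.
    """
    ascii_host = host_to_ascii(host)
    labels = [label_to_unicode(part) for part in ascii_host.split(".")]
    findings = []
    for label in labels:
        if label.isascii():
            continue
        used = scripts(label)
        if len(used) > 1:
            findings.append("mixed-script label: " + ", ".join(sorted(used)))
        else:
            findings.append("non-Latin label: " + ", ".join(sorted(used)))
    skel = ".".join(skeleton(label) for label in labels)
    lookalike_of = skel if findings and skel in watched else None
    return {"ascii": ascii_host, "findings": findings,
            "lookalike_of": lookalike_of}


if __name__ == "__main__":
    trusted = {"www.apple.com"}
    samples = [
        "www.apple.com",                                   # plain ASCII
        "www.\u0430\u0440\u0440\u04cf\u0435.com",          # constructed, all Cyrillic
        "www.\u0430pple.com",                              # constructed, mixed scripts
    ]
    for host in samples:
        print(assess(host, trusted))
```
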

    #11
    UneekOne


      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    I did the clean up and all still seems well at this time. Thanks a lot for the suggestions - prevention works way better for me.

     

    Once again I appreciate your help.

     

    Peace


    • 0





