Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Am I clean?

Started by tarodevi , Nov 20 2017 03:21 PM

This topic is locked

#1
tarodevi

Posted 20 November 2017 - 03:21 PM

New Member

Member
4 posts

Hi all, thank you for the valuable service and volunteering you provide.

I am starting a new job and need to use my personal computer for some sensitive things (sensitive from the company's perspective). I wanted to see if there are any glaring problems or possible malware that might compromise my work by stealing company secrets, etc. I am worried about keyloggers but also viruses/malware in general. I am not having any symptoms. Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017

Ran by tarod (administrator) on DESKTOP-PWFJS2U (20-11-2017 16:05:59)

Running from C:\Users\tarod\Desktop

Loaded Profiles: tarod (Available Profiles: tarod)

Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe

(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe

(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxEM.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHeciSvc.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe

(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe

(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe

(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe

(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

(Microsoft Corporation) C:\Windows\System32\wimserv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe

() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8908320 2016-09-26] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1477152 2016-09-26] (Realtek Semiconductor)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-05] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-07]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{8a297c7d-c3e0-4202-8832-528293a30b2c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:

==================

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.com

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE

SearchScopes: HKU\S-1-5-21-627781820-1686477350-2944828948-1001 -> {A49D3283-CCF4-438D-8FAA-13087B9628F9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=316617&p={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:

========

FF DefaultProfile: 7m63g83o.default

FF ProfilePath: C:\Users\tarod\AppData\Roaming\Mozilla\Firefox\Profiles\7m63g83o.default [2017-11-20]

FF Homepage: Mozilla\Firefox\Profiles\7m63g83o.default -> google.com

FF Keyword.URL: Mozilla\Firefox\Profiles\7m63g83o.default -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=316617&p=

FF Extension: (DownThemAll!) - C:\Users\tarod\AppData\Roaming\Mozilla\Firefox\Profiles\7m63g83o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-01-03] [Lagacy]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=316617&fr=yo-yhp-ch"

CHR NewTab: Default -> Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"

CHR Profile: C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]

CHR Extension: (Slides) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]

CHR Extension: (Docs) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]

CHR Extension: (Google Drive) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]

CHR Extension: (YouTube) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]

CHR Extension: (Sheets) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]

CHR Extension: (Google Docs Offline) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]

CHR Extension: (AdBlock) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-18]

CHR Extension: (Momentum) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-11-18]

CHR Extension: (Chrome Web Store Payments) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (Gmail) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]

CHR Extension: (Chrome Media Router) - C:\Users\tarod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]

CHR HKU\S-1-5-21-627781820-1686477350-2944828948-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kincmhfambjnciidkendiplanfiiemgm] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-05] (AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-05] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-29] (Broadcom Corporation.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)

R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)

R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)

R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)

R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)

R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel® Corporation)

R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [323352 2016-09-26] (Realtek Semiconductor)

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)

S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)

R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-10-05] (AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314640 2017-10-05] (AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-10-05] (AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-10-05] (AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-10-05] (AVG Technologies CZ, s.r.o.)

S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-10-05] (AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [140192 2017-10-05] (AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-10-05] (AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-10-05] (AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1022288 2017-11-17] (AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [579584 2017-10-05] (AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [193768 2017-10-05] (AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [355856 2017-10-05] (AVG Technologies CZ, s.r.o.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227136 2015-10-29] (Broadcom Corporation.)

R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1046296 2016-05-03] (Broadcom Corp)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)

R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)

R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)

R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)

R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realsil Semiconductor Corporation)

S3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 16:05 - 2017-11-20 16:06 - 000026484 _____ C:\Users\tarod\Desktop\FRST.txt

2017-11-20 16:05 - 2017-11-20 16:05 - 002391552 _____ (Farbar) C:\Users\tarod\Desktop\FRST64.exe

2017-11-20 16:05 - 2017-11-20 16:05 - 000000000 ____D C:\FRST

2017-11-20 13:49 - 2017-11-20 13:49 - 000000000 ____D C:\Users\tarod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth

2017-11-19 11:07 - 2017-11-19 11:07 - 000000000 ____D C:\Windows.old

2017-11-14 19:03 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2017-11-14 19:03 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-11-14 19:03 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2017-11-14 19:03 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-11-14 19:03 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2017-11-14 19:03 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2017-11-14 19:03 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2017-11-14 19:03 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2017-11-14 19:03 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2017-11-14 19:03 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-11-14 19:03 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-11-14 19:03 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-11-14 19:03 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-11-14 19:03 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-11-14 19:03 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2017-11-14 19:03 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2017-11-14 19:03 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-11-14 19:03 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-11-14 19:03 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-11-14 19:03 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2017-11-14 19:03 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll

2017-11-14 19:03 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-11-14 19:03 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-11-14 19:03 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2017-11-14 19:03 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-11-14 19:03 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-11-14 19:03 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2017-11-14 19:03 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2017-11-14 19:03 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-11-14 19:03 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-11-14 19:03 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-11-14 19:03 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-11-14 19:03 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll

2017-11-14 19:03 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-11-14 19:03 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-11-14 19:03 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-11-14 19:03 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll

2017-11-14 19:03 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-11-14 19:03 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-11-14 19:03 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-11-14 19:03 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-11-14 19:03 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll

2017-11-14 19:03 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2017-11-14 19:03 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2017-11-14 19:03 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-11-14 19:03 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-11-14 19:03 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2017-11-14 19:03 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2017-11-14 19:03 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-11-14 19:03 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-11-14 19:03 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-11-14 19:03 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-11-14 19:03 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-11-14 19:03 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-11-14 19:03 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-11-14 19:03 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-11-14 19:03 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-11-14 19:03 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-11-14 19:03 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-11-14 19:03 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-11-14 19:03 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-11-14 19:02 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-11-14 19:02 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-11-14 19:02 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-11-14 18:58 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2017-11-14 18:58 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2017-11-14 18:58 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2017-11-14 18:58 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2017-11-14 18:58 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-11-14 18:58 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2017-11-14 18:58 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-11-14 18:58 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2017-11-14 18:58 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2017-11-14 18:58 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2017-11-14 18:58 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2017-11-14 18:58 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-11-14 18:58 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll

2017-11-14 18:58 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll

2017-11-14 18:58 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe

2017-11-14 18:58 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2017-11-14 18:58 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll

2017-11-14 18:58 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-11-14 18:58 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-11-14 18:58 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-11-14 18:58 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2017-11-14 18:58 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-11-14 18:58 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-11-14 18:58 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-11-14 18:58 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-11-14 18:58 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-11-14 18:58 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-11-14 18:57 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-11-14 18:57 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-11-14 18:57 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-11-14 18:57 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2017-11-14 18:57 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-11-14 18:57 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2017-11-14 18:57 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-11-14 18:57 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-11-14 18:57 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2017-11-14 18:57 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2017-11-14 18:57 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll

2017-11-14 18:57 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-11-14 18:57 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-11-14 18:57 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe

2017-11-14 18:57 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2017-11-14 18:57 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll

2017-11-14 18:57 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-11-14 18:57 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2017-11-14 18:57 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll

2017-11-14 18:57 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2017-11-14 18:57 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll

2017-11-14 18:57 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-11-14 18:57 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-11-14 18:57 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-11-14 18:57 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-11-14 18:57 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll

2017-11-14 18:57 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2017-11-14 18:57 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-11-14 18:57 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-11-14 18:57 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-11-14 18:57 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2017-11-14 18:57 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-11-14 18:57 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2017-11-14 18:57 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-11-14 18:57 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-11-14 18:57 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-11-14 18:57 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-11-14 18:57 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-11-14 18:57 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-11-14 18:57 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-11-14 18:57 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-11-14 18:56 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-11-14 18:56 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-11-14 18:56 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-11-14 18:56 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-11-14 18:56 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-11-14 18:56 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-11-14 18:56 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-11-14 18:56 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-11-14 18:56 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2017-11-14 18:56 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-11-14 18:56 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-11-14 18:56 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-11-14 18:56 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-11-14 18:56 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2017-11-14 18:56 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2017-11-14 18:56 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2017-11-14 18:56 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2017-11-14 18:56 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys

2017-11-14 18:56 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2017-11-14 18:56 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-11-14 18:56 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

2017-11-14 18:56 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2017-11-14 18:56 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2017-11-14 18:56 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

2017-11-14 18:56 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys

2017-11-14 18:56 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-11-14 18:56 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-11-14 18:56 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2017-11-14 18:56 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2017-11-14 18:56 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-11-14 18:56 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-11-14 18:56 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-11-14 18:56 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-11-14 18:56 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-11-14 18:56 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-11-14 18:56 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2017-11-14 18:56 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-11-14 18:56 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-11-14 18:56 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll

2017-11-14 18:56 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-11-14 18:56 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

2017-11-14 18:56 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-11-14 18:56 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2017-11-14 18:56 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2017-11-14 18:56 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys

2017-11-14 18:56 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-11-14 18:56 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-11-14 18:56 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-11-14 18:56 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-11-14 18:56 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll

2017-11-14 18:56 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-11-14 18:56 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2017-11-14 18:56 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-11-14 18:56 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-11-14 18:56 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll

2017-11-14 18:55 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-11-14 18:55 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-11-14 18:55 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2017-11-14 18:55 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-11-14 18:55 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-11-14 18:55 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2017-11-14 18:55 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2017-11-14 18:55 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-11-14 18:55 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-11-14 18:55 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-11-14 18:55 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2017-11-14 18:55 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2017-11-14 18:55 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-11-14 18:55 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-11-14 18:55 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-11-14 18:55 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-11-14 18:55 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-11-14 18:55 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-11-14 18:55 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-11-14 18:55 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-11-13 09:17 - 2017-11-13 09:17 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk

2017-10-25 22:19 - 2017-10-25 22:19 - 000000000 ___RD C:\Users\tarod\AppData\Roaming\Brother

2017-10-25 22:19 - 2017-10-25 22:19 - 000000000 ____D C:\Users\tarod\AppData\LocalLow\Brother

2017-10-23 08:23 - 2017-10-23 08:23 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 16:01 - 2016-03-23 21:13 - 000000000 ____D C:\Users\tarod\AppData\Local\VirtualStore

2017-11-20 15:45 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps

2017-11-20 15:45 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness

2017-11-20 15:42 - 2017-05-24 15:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2017-11-20 13:49 - 2017-05-24 15:56 - 001577850 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-11-20 13:41 - 2016-03-25 10:21 - 000000000 ____D C:\Users\tarod\AppData\Local\Citrix

2017-11-20 13:36 - 2017-05-24 15:51 - 000000000 ____D C:\Users\tarod

2017-11-20 12:39 - 2017-05-24 15:56 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task

2017-11-19 17:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache

2017-11-19 12:15 - 2017-05-21 09:21 - 000000000 ___DC C:\WINDOWS\Panther

2017-11-19 12:07 - 2017-05-24 15:57 - 000041913 _____ C:\WINDOWS\diagwrn.xml

2017-11-19 12:07 - 2017-05-24 15:57 - 000041913 _____ C:\WINDOWS\diagerr.xml

2017-11-19 11:46 - 2017-09-29 10:04 - 000000000 ___HD C:\$WINDOWS.~BT

2017-11-19 11:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration

2017-11-18 20:45 - 2017-10-12 16:51 - 000000000 ____D C:\Users\tarod\Desktop\work

2017-11-18 19:18 - 2017-05-24 15:56 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2017-11-18 19:18 - 2016-03-23 22:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-11-18 16:17 - 2016-03-23 21:13 - 000000000 __SHD C:\Users\tarod\IntelGraphicsProfiles

2017-11-18 16:17 - 2016-03-07 20:33 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-11-18 16:16 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF

2017-11-17 23:55 - 2017-05-24 15:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-11-17 23:55 - 2017-05-24 15:49 - 000316136 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-11-17 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser

2017-11-17 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences

2017-11-17 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning

2017-11-17 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2017-11-17 23:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-11-17 23:54 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2017-11-17 19:10 - 2016-04-14 11:36 - 000000000 ____D C:\Users\tarod\AppData\Roaming\vlc

2017-11-17 04:17 - 2017-04-05 21:33 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys

2017-11-16 21:55 - 2016-03-25 09:43 - 000000000 ____D C:\WINDOWS\system32\MRT

2017-11-16 21:51 - 2017-10-10 18:00 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2017-11-16 21:51 - 2016-03-25 09:43 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-11-16 21:11 - 2017-03-18 06:40 - 000008192 _____ C:\WINDOWS\system32\config\ELAM

2017-11-15 19:41 - 2017-07-29 21:46 - 000000000 ____D C:\Users\tarod\Documents\Vuze Downloads

2017-11-15 19:39 - 2017-07-29 21:46 - 000000000 ____D C:\Users\tarod\AppData\Roaming\Azureus

2017-11-15 15:42 - 2017-05-24 15:56 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:42 - 2017-05-24 15:56 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-15 15:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF

2017-11-14 19:20 - 2016-03-27 23:03 - 000000000 ____D C:\Users\tarod\AppData\Roaming\PrimoPDF

2017-11-14 19:08 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp

2017-11-13 18:55 - 2016-03-23 21:43 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 09:17 - 2017-04-24 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2017-11-13 08:46 - 2017-07-27 21:31 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-627781820-1686477350-2944828948-1001

2017-11-13 08:46 - 2016-03-23 21:15 - 000002365 _____ C:\Users\tarod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-11-13 08:46 - 2016-03-23 21:15 - 000000000 ___RD C:\Users\tarod\OneDrive

2017-11-13 08:46 - 2016-03-07 20:24 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-04 20:40 - 2017-06-14 03:11 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-11-04 20:40 - 2017-06-14 03:11 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-10-26 12:42 - 2016-03-23 22:45 - 000000559 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt

2017-10-26 12:42 - 2016-03-07 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2017-10-26 12:42 - 2016-03-07 20:26 - 000000000 ____D C:\Program Files\Dell

2017-10-26 12:42 - 2016-03-07 20:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-10-23 11:33 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports

Some files in TEMP:

====================

2017-07-29 21:46 - 2017-11-15 19:39 - 000079904 _____ () C:\Users\tarod\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-17 16:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017

Ran by tarod (20-11-2017 16:06:39)

Running from C:\Users\tarod\Desktop

Windows 10 Home Version 1703 15063.726 (X64) (2017-05-24 20:59:01)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-627781820-1686477350-2944828948-500 - Administrator - Disabled)

tarod (S-1-5-21-627781820-1686477350-2944828948-1001 - Administrator - Enabled) => C:\Users\tarod

DefaultAccount (S-1-5-21-627781820-1686477350-2944828948-503 - Limited - Disabled)

Guest (S-1-5-21-627781820-1686477350-2944828948-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)

Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)

AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.0.8014 - Citrix Systems, Inc.)

CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)

Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)

Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)

Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)

Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden

Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)

Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden

Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)

Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)

Dell System Detect (HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)

Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)

Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)

DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.555.0.0 - Dell Inc.)

FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )

Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)

Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4664 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Juniper Citrix Services Client (HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\Juniper_Citrix_Services) (Version: 8.0.11.36363 - Juniper Networks)

Juniper Networks Setup Client (HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks)

Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)

Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)

Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - ) <==== ATTENTION

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)

Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)

Online Plug-in (HKLM-x32\...\{3D6AA3F8-2977-474E-95EB-4058983C4C0F}) (Version: 14.4.0.8014 - Citrix Systems, Inc.) Hidden

PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)

Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)

Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.1.506.2015 - Realtek)

Self-service Plug-in (HKLM-x32\...\{1E9FB772-15A9-4077-934C-11C927919D7D}) (Version: 4.4.0.11833 - Citrix Systems, Inc.) Hidden

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

Thunderbolt™ Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)

Vuze Leap 2.6 (HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 2.6 - Azureus Software, Inc.)

WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.720 - Broadcom Corporation)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)

WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-05] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxDTCM.dll [2017-06-03] (Intel Corporation)

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-05] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F8FF6D5-00DC-41A8-BCDF-A9F079774877} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe

Task: {349E96B8-4A9D-4368-8A4C-7F48BD069DD9} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {3DD5BDC7-3D34-44D5-A0A9-77E6F50E38C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

Task: {3FFD9183-95B7-4FC1-8BE4-F225F0D59AE7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {4D015175-D349-4ED0-8FAF-443AEE97C8DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

Task: {5346C963-0BC8-4981-84DA-DD77CD07D1DD} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)

Task: {6040EC82-2EE0-49C8-9ED8-9D74900C3181} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe

Task: {66C1AD42-F179-4BDE-9508-6D36FD933FF6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)

Task: {6FE7F68D-CC0C-4CDD-BD0A-CEA2F27B51FB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {7E895726-F825-476A-8D01-131B065A026D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)

Task: {983082A9-3B0E-4B6C-BF34-52AEC144EB0F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {9B64ED44-201E-423C-A3FE-9F4607DE12A5} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-10-05] (AVG Technologies CZ, s.r.o.)

Task: {9DD02EEC-ADBE-42E7-B50B-1F0542C78DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

Task: {AEB52861-F289-4197-8B28-4433BF57A132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)

Task: {BC83ED1B-3D77-47A1-872B-912BE76558C5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe

Task: {CF5865EC-B518-4819-810F-55BC72078DB4} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {DFB7211F-BEB3-46DA-8492-E9E5EEEFF3B7} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService

Task: {E0C90722-5CAB-40E2-9D6A-42A4843A6E08} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel® Corporation)

Task: {EB9A8DB6-3F55-4216-9FA6-BAA8C29EA417} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-26] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-23 22:14 - 2015-09-01 08:41 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll

2017-01-10 14:59 - 2017-01-10 14:59 - 000125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe

2015-08-05 08:59 - 2015-08-05 08:59 - 000049408 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll

2017-09-07 16:49 - 2017-09-07 16:49 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll

2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2011-03-16 23:07 - 2011-03-16 23:07 - 004297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2017-11-13 08:50 - 2017-11-13 08:50 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2017-11-13 08:50 - 2017-11-13 08:50 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2017-11-13 08:50 - 2017-11-13 08:50 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2017-11-13 08:50 - 2017-11-13 08:50 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll

2017-11-13 18:55 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll

2017-11-13 18:55 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll

2017-09-13 21:41 - 2017-09-13 21:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2017-11-13 08:49 - 2017-11-13 08:49 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2017-10-03 18:44 - 2017-10-03 18:44 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll

2017-10-03 18:44 - 2017-10-03 18:44 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll

2017-08-29 16:36 - 2017-08-29 16:36 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000109568 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\ExploreModel.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000415744 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Native.UWP.dll

2017-11-13 08:49 - 2017-11-13 08:49 - 000343040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll

2017-10-09 14:14 - 2017-10-09 14:14 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe

2017-09-26 17:00 - 2017-09-26 17:00 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-10-18 18:33 - 2017-10-18 18:33 - 025741312 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe

2017-10-18 18:33 - 2017-10-18 18:33 - 009257984 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntCommon.dll

2017-09-26 17:00 - 2017-09-26 17:00 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-10-18 18:33 - 2017-10-18 18:33 - 011255296 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntPlat.dll

2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-12-11 11:32 - 2016-12-11 11:31 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

2017-10-05 16:16 - 2017-10-05 16:16 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll

2017-09-07 16:48 - 2017-09-07 16:48 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll

2017-07-06 17:58 - 2017-07-06 17:58 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

2017-10-05 16:16 - 2017-10-05 16:16 - 000218208 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll

2017-10-05 16:16 - 2017-10-05 16:16 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

2017-11-17 04:17 - 2017-11-17 04:17 - 000704456 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll

2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll

2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

2016-07-18 15:14 - 2016-07-18 15:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-627781820-1686477350-2944828948-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tarod\Desktop\IMG_238.JPG

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "WavesSvc"

HKLM\...\StartupApproved\Run: => "BCSSync"

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"

HKLM\...\StartupApproved\Run32: => "Redirector"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{862E9139-D3E4-4F4C-9F03-0CD7E62EFE12}] => (Allow) C:\Users\tarod\AppData\Roaming\Vuze Leap\VuzeLeap.exe

FirewallRules: [{007ECE29-1C34-40DB-B079-AC4477CCD729}] => (Allow) C:\Users\tarod\AppData\Roaming\Vuze Leap\VuzeLeap.exe

FirewallRules: [{EA8B9DFE-A7AA-4EB0-9E1B-2BAA28562307}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{51D6164C-E13C-45C9-81EC-A5A106EAFF56}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{6A23C79A-CC8A-4CF6-923A-96E1EC9F67BF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{04E8609A-9C35-42FC-BBD3-C2124988BC49}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{A6E4E9B6-97E4-4B5C-91CD-EC7D8862747F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{ED955DF1-FECA-422F-8C9F-76DBC451304E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [UDP Query User{74AFD50E-97D9-4A08-A73C-4F72E1154041}C:\users\tarod\appdata\roaming\vuze leap\vuzeleap.exe] => (Block) C:\users\tarod\appdata\roaming\vuze leap\vuzeleap.exe

FirewallRules: [TCP Query User{4F62DA51-ADCF-4FA8-963B-58AD7EB1B526}C:\users\tarod\appdata\roaming\vuze leap\vuzeleap.exe] => (Block) C:\users\tarod\appdata\roaming\vuze leap\vuzeleap.exe

FirewallRules: [{AF111389-FD87-4337-B58D-D1076FB76CA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{200A8811-7FD5-4FAE-86B8-82AD4A405742}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{3CE74954-F03C-41D3-A092-5A3E5D8F8E85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D589BB89-E3D1-4A05-8B35-A791B72FDF32}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{43B4A08C-91A0-4203-9950-3DF069CA3439}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{9E8C033F-DDFF-451E-9702-4CB391B467BD}C:\users\tarod\downloads\u1504.exe] => (Allow) C:\users\tarod\downloads\u1504.exe

FirewallRules: [UDP Query User{209955EC-56CA-47A1-B61B-8794DA69A849}C:\users\tarod\downloads\u1504.exe] => (Allow) C:\users\tarod\downloads\u1504.exe

FirewallRules: [{3E4DAE66-2DF3-439F-A7DA-C98B4944E093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DD22F92D-2DB1-40A1-B45A-A40568200137}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{D52B07C9-2C3D-405C-8EDE-84044571506A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{1C7E3E41-11FC-43EC-A080-F8E40B67F117}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{04DD477E-AEE7-4F9B-9D41-FD1EE4A70A1B}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [{261C73FB-0785-4EE8-9D6E-D0D3B86009CC}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [{3CB18844-ACCB-4266-A543-4DBC8BB30960}] => (Allow) %systemroot%\system32\alg.exe

FirewallRules: [{4C0FDFB5-6B0F-4758-89BD-8E6B36F8285E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-11-2017 21:51:21 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/20/2017 02:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (11/20/2017 02:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (11/20/2017 02:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2017 12:59:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4196407

Error: (11/20/2017 12:59:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4196407

Error: (11/20/2017 12:59:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2017 11:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1047

Error: (11/19/2017 11:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1047

Error: (11/19/2017 11:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2017 09:57:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

System errors:

=============

Error: (11/20/2017 03:42:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2017 01:47:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2017 01:47:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (11/20/2017 01:47:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

Error: (11/20/2017 01:47:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (11/20/2017 01:36:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

Error: (11/20/2017 01:36:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (11/20/2017 01:36:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

Error: (11/20/2017 01:36:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (11/20/2017 08:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

==================== Memory info ===========================

Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz

Percentage of memory in use: 71%

Total physical RAM: 8043.38 MB

Available physical RAM: 2259.66 MB

Total Virtual: 14466.73 MB

Available Virtual: 2381.94 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:227 GB) (Free:14.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: F050777F)

Partition: GPT.

==================== End of Addition.txt ============================

#2
zep516

Posted 30 November 2017 - 12:17 AM

Trusted Helper

Malware Removal
8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Sorry for some delay, no malware found just a few items to fix

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\S-1-5-21-627781820-1686477350-2944828948-1001 -> {A49D3283-CCF4-438D-8FAA-13087B9628F9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=316617&p={searchTerms}
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=316617&fr=yo-yhp-ch"
2017-07-29 21:46 - 2017-11-15 19:39 - 000079904 _____ () C:\Users\tarod\AppData\Local\Temp\i4jdel0.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {9DD02EEC-ADBE-42E7-B50B-1F0542C78DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#3
tarodevi

Posted 30 November 2017 - 06:13 PM

New Member

Topic Starter
Member
4 posts

Thank you for your time, zep516. Here is the fix log below. Anything else that I should be doing? Thanks again in advance

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017

Ran by tarod (30-11-2017 19:07:31) Run:1

Running from C:\Users\tarod\Desktop

Loaded Profiles: tarod (Available Profiles: tarod)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

GroupPolicy: Restriction - Chrome <==== ATTENTION

CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=316617&fr=yo-yhp-ch"

2017-07-29 21:46 - 2017-11-15 19:39 - 000079904 _____ () C:\Users\tarod\AppData\Local\Temp\i4jdel0.exe

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Task: {9DD02EEC-ADBE-42E7-B50B-1F0542C78DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

CMD: bitsadmin /reset /allusers

CMD: netsh winsock reset catalog

CMD: ipconfig /flushdns

RemoveProxy:

hosts:

Emptytemp:

*****************

Processes closed successfully.

Restore point was successfully created.

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A49D3283-CCF4-438D-8FAA-13087B9628F9} => key removed successfully

HKLM\Software\Classes\CLSID\{A49D3283-CCF4-438D-8FAA-13087B9628F9} => key not found

Chrome StartupUrls => removed successfully

"C:\Users\tarod\AppData\Local\Temp\i4jdel0.exe" => not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully

HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DD02EEC-ADBE-42E7-B50B-1F0542C78DAD} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD02EEC-ADBE-42E7-B50B-1F0542C78DAD} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully

C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-627781820-1686477350-2944828948-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13778983 B

Java, Flash, Steam htmlcache => 1864 B

Windows/system/drivers => 5004682 B

Edge => 1055534 B

Chrome => 425024440 B

Firefox => 377287284 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 1642 B

NetworkService => 0 B

tarod => 45323314 B

RecycleBin => 1345 B

EmptyTemp: => 833.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:08:11 ====

#4
zep516

Posted 30 November 2017 - 06:34 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

Lets run a Malwarebytes scan an see if shows anything.

Next

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.

Posting the Malwarebytes log.

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

#5
tarodevi

Posted 30 November 2017 - 08:48 PM

New Member

Topic Starter
Member
4 posts

Thanks for your reply. Here is the log:

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 11/30/17

Scan Time: 9:35 PM

Log File: 523b7264-d640-11e7-8bca-3052cbe73288.json

Administrator: Yes

-Software Information-

Version: 3.3.1.2183

Components Version: 1.0.236

Update Package Version: 1.0.3386

License: Trial

-System Information-

OS: Windows 10 (Build 16299.64)

CPU: x64

File System: NTFS

User: DESKTOP-PWFJS2U\tarod

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 387874

Threats Detected: 17

Threats Quarantined: 17

Time Elapsed: 2 min, 13 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 1

PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MalwareProtectionLive, Quarantined, [963], [246740],1.0.3386

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 2

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\quarantine, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\USERS\TAROD\APPDATA\LOCAL\MALWAREPROTECTIONLIVE, Quarantined, [963], [246740],1.0.3386

File: 14

PUP.Optional.MalwareProtection, C:\USERS\TAROD\APPDATA\LOCAL\MALWAREPROTECTIONLIVE\MALWAREPROTECTIONCLIENT.EXE.CONFIG, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\certificates, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\certificates_filter, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\domains, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\DotNetCheck.exe, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\DotNetCheck.exe.config, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\extensions, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\extensions_filter, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\log.txt, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\MPLSettings.dll, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\uninstall.exe, Quarantined, [963], [246740],1.0.3386

PUP.Optional.MalwareProtection, C:\Users\Tarod\AppData\Local\MalwareProtectionLive\userinfo.dat, Quarantined, [963], [246740],1.0.3386

PUP.Optional.Spigot, C:\USERS\TAROD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7M63G83O.DEFAULT\PREFS.JS, Replaced, [649], [301667],1.0.3386

PUP.Optional.BundleInstaller, C:\USERS\TAROD\DOWNLOADS\ADOBE_FLASH_SETUP_0607091348.EXE, Quarantined, [20], [440502],1.0.3386

Physical Sector: 0

(No malicious items detected)

(end)

#6
zep516

Posted 30 November 2017 - 09:08 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

Nothing serious just a bit of adware. Keep Malwarebytes use it every so often to do a scan, especially when things don't seem right.

Your computer is clean now. If there are no further issues we can close this topic.

You may remove all tools we downloaded and any log files, right click and delete them.

Thanks
Joe

#7
tarodevi

Posted 01 December 2017 - 06:49 AM

New Member

Topic Starter
Member
4 posts

Thank you so much! I really appreciate your time and expertise.

#8
zep516

Posted 01 December 2017 - 04:23 PM

Trusted Helper

Malware Removal
8,090 posts

You're welcome

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe