Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Infection That Slows Down My PC


  • Please log in to reply

#1
Braind

Braind

    Member

  • Member
  • PipPipPip
  • 255 posts

My PC (Windows 10, 64 version) started running very slow several weeks ago. I ran the free version of Malwarebytes which quarantined 75 items. This made my PC run faster. Then my PC ran slow again about two days later. I ran Malwarebytes again, it quarantined 77 items and again my PC ran faster. This pattern seems to happen 3 - 4 times per week now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Brian (administrator) on BRIAN-HP (08-01-2018 19:52:01)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Epic Privacy Browser) C:\Users\Brian\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
() C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(Skwire Empire) C:\Users\Brian\Downloads\sWeather\sWeather.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe

 

Administrator (S-1-5-21-1563961910-250262785-1644635927-500 - Administrator - Disabled)
Brian (S-1-5-21-1563961910-250262785-1644635927-1001 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-1563961910-250262785-1644635927-503 - Limited - Disabled)
Guest (S-1-5-21-1563961910-250262785-1644635927-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1563961910-250262785-1644635927-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1563961910-250262785-1644635927-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AOMEI Backupper Free (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.151 - Bitdefender)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.12 - BleachBit)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Brave) (Version: 0.18.36 - Brave Software)
ccc-core-static (HKLM-x32\...\{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}) (Version: 2010.1123.1002.17926 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Check Point EFR Light Agent (HKLM\...\{7C80C5DC-D756-4A31-924D-F37B3E0198B7}) (Version: 86.0.2382 - Check Point Software Technologies Ltd.) Hidden
Cliqz 1.17.4 (x86 en-US) (HKLM-x32\...\Cliqz 1.17.4 (x86 en-US)) (Version: 1.17.4 - Cliqz GmbH)
Cliqz Maintenance Service (HKLM\...\CliqzMaintenanceService) (Version: 1.13.6 - Cliqz GmbH)
Core Temp 1.10.2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.10.2 - ALCPU)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Dashlane) (Version: 5.3.2.14186 - Dashlane SAS)
DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.100 - Escort)

 

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Sorry for some delay. Do you still require help ? If so please re-post the the log reports from FRST.

Thanks
Joe :)
  • 0

#3
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Yes, I can still use the help. Thanks.


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run.( C:\Users\Brian\Downloads.) Please copy and paste them to your reply.

  • 0

#5
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

If I double click immediately, it will not run as the Administrator....is this what you are instructing for me to do?


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Right click an run as administrator, I'll need to change those previous instructions.
  • 0

#7
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Thanks for the clarification. I'll run as administrator.


  • 0

#8
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Brian (administrator) on BRIAN-HP (10-01-2018 21:31:05)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
() C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Epic Privacy Browser) C:\Users\Brian\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
() C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(Skwire Empire) C:\Users\Brian\Downloads\sWeather\sWeather.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dashlane, Inc.) C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\cliqz.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Brian\Downloads\FRST64(3).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2015-11-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
HKLM-x32\...\Run: [HostsMan] => C:\Program Files (x86)\HostsMan\hm.exe [8161280 2015-11-20] (abelhadigital.com)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4448624 2018-01-05] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [76520 2018-01-04] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2013928 2018-01-04] (Prosoftnet)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [83608 2017-05-17] ()
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Dashlane] => C:\Users\Brian\AppData\Roaming\Dashlane\Dashlane.exe [456656 2018-01-02] (Dashlane, Inc.)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [DashlanePlugin] => C:\Users\Brian\AppData\Roaming\Dashlane\DashlanePlugin.exe [502736 2018-01-02] (Dashlane, Inc.)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7702632 2017-12-08] (Lavasoft)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\Brian\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-09-16] (Epic Privacy Browser)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-09] (SUPERAntiSpyware)
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\RunOnce: [Uninstall 17.3.7076.1026\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\RunOnce: [Uninstall 17.3.7076.1026] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.7076.1026"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\yowindow.scr
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-11-15]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk [2018-01-10]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\hp\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sWeather.lnk [2017-11-28]
ShortcutTarget: sWeather.lnk -> C:\Users\Brian\Downloads\sWeather\sWeather.exe (Skwire Empire)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2017-10-21] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{136f715d-1007-4cf1-8adb-aa43da411b61}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{136f715d-1007-4cf1-8adb-aa43da411b61}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-1563961910-250262785-1644635927-1001 -> {418EF04B-AE79-4DA5-B595-7C7EC0A5B45D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-10-24] (LastPass)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-10-24] (LastPass)
BHO-x32: Web Companion -> {9917296A-97CB-4836-B04E-F85DC27DDC34} -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionExtensionIE.dll [2017-12-08] ( )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-10-24] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-10-24] (LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)

Edge:
======
Edge Extension: (Ebates: The Free Cash Back Shopping Assistant) -> EdgeExtension_EbatesEbatesCashBack_qvn24pjydtpgr => C:\Program Files\WindowsApps\Ebates.EbatesCashBack_4.24.0.0_neutral__qvn24pjydtpgr [2018-01-04]

FireFox:
========
FF DefaultProfile: m5wd3j7q.default
FF DefaultProfile: [email protected]
FF DefaultProfile: 2x7g4emt.default
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default [2018-01-08]
FF Homepage: Mozilla\Firefox\Profiles\m5wd3j7q.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF NewTabOverride: Mozilla\Firefox\Profiles\m5wd3j7q.default -> Enabled: AdB[email protected]
FF Extension: (Adaware Web Protection) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\@adaware_webprotection.xpi [2017-12-29]
FF Extension: (Default) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\@new-tab.xpi [2017-12-29]
FF Extension: (Adaware Ad Block) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\[email protected] [2017-12-29]
FF Extension: (Ghostery) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Dashlane) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\[email protected] [2018-01-06]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\features\{c83b0d2c-0a77-48fb-b05a-c179b52edab4}\[email protected] [2018-01-06] [Legacy]
FF SearchPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\searchplugins\bing-lavasoft.xml [2017-12-08]
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\tpoo7ekp.default [2018-01-08]
FF Extension: (Personas Plus) - C:\Users\Brian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\tpoo7ekp.default\Extensions\[email protected] [2017-05-29] [Legacy]
FF Extension: (Kempelton Reloaded) - C:\Users\Brian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\tpoo7ekp.default\Extensions\{03c2ba51-52c3-4cb1-9309-229eb4bc8948}.xpi [2016-10-29] [Legacy] [not signed]
FF Extension: (Ebates Cash Back) - C:\Users\Brian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\tpoo7ekp.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-05-29] [Legacy]
FF Extension: (Aeromoon) - C:\Users\Brian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\tpoo7ekp.default\Extensions\{edbb972f-e557-4870-b98e-98e62085837f}.xpi [2016-10-29] [Legacy] [not signed]
FF ProfilePath: C:\Users\Brian\AppData\Roaming\CLIQZ\Profiles\2x7g4emt.default [2018-01-10]
FF Homepage: CLIQZ\Profiles\2x7g4emt.default -> resource://cliqz/freshtab/home.html
FF Extension: (Ghostery) - C:\Users\Brian\AppData\Roaming\CLIQZ\Profiles\2x7g4emt.default\Extensions\[email protected] [2017-10-04] [not signed]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Brian\AppData\Roaming\CLIQZ\Profiles\2x7g4emt.default\Extensions\[email protected] [2017-12-27] [not signed]
FF Extension: (Cliqz) - C:\Users\Brian\AppData\Roaming\CLIQZ\Profiles\2x7g4emt.default\features\{90db0729-ee4d-49aa-869e-a60f58c3ea4c}\[email protected] [2018-01-09] [Legacy] [not signed]
FF Extension: (HTTPS Everywhere) - C:\Users\Brian\AppData\Roaming\CLIQZ\Profiles\2x7g4emt.default\features\{90db0729-ee4d-49aa-869e-a60f58c3ea4c}\[email protected] [2018-01-09] [not signed]
FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2016-04-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-24] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-24] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-11-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-11-15] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1563961910-250262785-1644635927-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Brian\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-09-16] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-1563961910-250262785-1644635927-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Brian\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-09-16] (Epic Privacy Browser)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> incognito
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default [2018-01-10]
CHR Extension: (Incognito This!) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aglfgiceepbeffbpmlohbdnhmliojinm [2017-01-28]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-25]
CHR Extension: (Adguard AdBlocker) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-09-28]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-12-29]
CHR Extension: (Honey) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-20]
CHR Extension: (Adblock Plus) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-01-10]
CHR Extension: (Incognito-Filter) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2016-07-01]
CHR Extension: (Blur Privacy Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2016-07-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Adaware Ad Block) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2017-11-08]
CHR Extension: (PriceJump) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblfcnaanidhgjbmcfgebdcifkaffcpb [2016-11-30]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2016-07-01]
CHR Extension: (Punycode Alert) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\djghjigfghekidjibckjmhbhhjeomlda [2017-04-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Blur) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2017-12-18]
CHR Extension: (YoWindow Free Weather) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2017-03-14]
CHR Extension: (Toolkit For Facebook) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcachklhcihfinmagjnlomehfdhndhep [2018-01-07]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2018-01-10]
CHR Extension: (Just Not Sorry -- the Gmail Plug-in) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmegmibednnlgojepmidhlhpjbppmlci [2017-02-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-07]
CHR Extension: (Assassin's Creed III) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn [2016-09-13]
CHR Extension: (The Camelizer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2017-03-10]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-07-01]
CHR Extension: (Protect My Choices) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-12-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-01-10]
CHR Extension: (Bitly | Unleash the power of the link) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2017-12-11]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-07-01]
CHR Extension: (HP Network Check Launcher) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-26]
CHR Extension: (Save to Facebook) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-01-03]
CHR Extension: (Google Voice (by Google)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-07-01]
CHR Extension: (Advanced Extensions) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\knchccdpckooledklhnooegnniofcfip [2016-07-01]
CHR Extension: (Netflix Categories) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbopcabgddpanjmeabponnjngbmemml [2017-02-07]
CHR Extension: (iCloud Dashboard) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2018-01-10]
CHR Extension: (Ghostery Fixer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2016-07-01]
CHR Extension: (Ghostery) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Buffer) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2017-11-16]
CHR Extension: (Adaware Web Protection) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofadgdfocedihehfeajeipbcgmpcnieg [2017-06-26]
CHR Extension: (Mercury Reader) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2017-04-05]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-12-18]
CHR Extension: (Default) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco [2018-01-08]
CHR Extension: (Weather Underground) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2017-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Extension: (Privacy Badger) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-11-21]
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-08]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [116376 2017-05-17] (AOMEI Tech Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2017-12-25] (Microsoft Corporation)
S3 CliqzMaintenance; C:\Program Files (x86)\Cliqz Maintenance Service\maintenanceservice.exe [180992 2018-01-05] (Cliqz GmbH)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2368248 2017-11-21] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2017-10-17] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2017-10-17] ()
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe [3111136 2016-11-09] (Condusiv Technologies)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [218856 2018-01-04] (Prosoftnet)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-11-15] (RealNetworks, Inc.)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2017-06-13] (Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-12-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [54128 2018-01-05] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [59632 2017-06-12] (Check Point Software Technologies Ltd.)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [56080 2017-06-05] (Check Point Software Technologies Ltd.)
R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [115256 2017-09-06] (Check Point Software Technologies Ltd.)
R0 DKDFM; C:\WINDOWS\System32\drivers\DKDFM.sys [41744 2013-05-06] (Condusiv Technologies)
R3 DKRtWrt; C:\WINDOWS\system32\drivers\DKRtWrt.sys [48792 2016-01-28] (Condusiv Technologies)
R0 DKTLFSMF; C:\WINDOWS\System32\drivers\DKTLFSMF.sys [119536 2014-04-14] (Condusiv Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [115440 2017-06-05] (Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [101656 2017-02-01] (Check Point Software Technologies)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-10] (Malwarebytes)
R1 MpKsl23a7ce98; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8457397A-830B-4BDF-A1DF-5DED4D02A07D}\MpKsl23a7ce98.sys [58120 2018-01-10] (Microsoft Corporation)
R1 MpKsl52d59deb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CA0FF79-860C-4365-B828-8AF5DB540B4F}\MpKsl52d59deb.sys [58120 2018-01-08] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tcefs; C:\WINDOWS\system32\drivers\tcefs.sys [26776 2015-08-18] (Condusiv Technologies Corporation)
R0 tcesd; C:\WINDOWS\System32\drivers\tcesd.sys [238320 2016-07-19] (Condusiv Technologies Corporation)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-06-29] (Zemana Ltd.)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 21:08 - 2018-01-10 21:08 - 002393088 _____ (Farbar) C:\Users\Brian\Downloads\FRST64(3).exe
2018-01-10 17:52 - 2018-01-10 17:52 - 000000000 ___SH C:\DkHyperbootSync
2018-01-10 07:51 - 2018-01-10 07:51 - 000523241 ____N C:\Users\R4oj9\recording_comb_passing_cotton.xlsx
2018-01-10 07:51 - 2018-01-10 07:51 - 000512154 ____N C:\Users\Ajp8z\coolidgelooseeconomyunable.xlsx
2018-01-10 07:51 - 2018-01-10 07:51 - 000229900 ____N C:\Users\R4oj9\branch.greatest.mdb
2018-01-10 07:51 - 2018-01-10 07:51 - 000200359 ____N C:\Users\Ajp8z\collar_salary.mdb
2018-01-10 07:51 - 2018-01-10 07:51 - 000079653 ____N C:\Users\Ajp8z\song_sugar.xls
2018-01-10 07:51 - 2018-01-10 07:51 - 000067900 ____N C:\Users\R4oj9\warmth_program_breathing.xls
2018-01-10 07:51 - 2018-01-10 07:51 - 000056823 ____N C:\Users\Ajp8z\impulse.confidence.searching.pem
2018-01-10 07:51 - 2018-01-10 07:51 - 000051518 ____N C:\Users\R4oj9\customeroftendeterminationcrop.pem
2018-01-10 07:51 - 2018-01-10 07:51 - 000041418 ____N C:\Users\Ajp8z\child_arithmetic.txt
2018-01-10 07:51 - 2018-01-10 07:51 - 000032975 ____N C:\Users\R4oj9\sugar-unity-sign-gesture.txt
2018-01-10 07:51 - 2018-01-10 07:51 - 000015640 ____N C:\Users\Ajp8z\relating-drivers-legitimate-vocabulary.sql
2018-01-10 07:51 - 2018-01-10 07:51 - 000011372 ____N C:\Users\R4oj9\sponsored emotions.sql
2018-01-10 07:51 - 2018-01-10 07:51 - 000000000 ___HD C:\Users\R4oj9
2018-01-10 07:51 - 2018-01-10 07:51 - 000000000 ___HD C:\Users\Ajp8z
2018-01-10 07:51 - 2018-01-10 07:51 - 000000000 ____D C:\Ytools202
2018-01-10 07:51 - 2018-01-10 07:51 - 000000000 ____D C:\Abuse93
2018-01-09 07:54 - 2018-01-09 21:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-09 07:51 - 2018-01-09 07:51 - 000000000 __SHD C:\Users\Brian\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-01-09 07:51 - 2018-01-09 07:51 - 000000000 ___HD C:\Users\Brian\Documents\Zfiles143
2018-01-09 07:51 - 2018-01-09 07:51 - 000000000 ___HD C:\Users\Brian\Documents\00Clogs194
2018-01-08 19:46 - 2018-01-08 19:47 - 002393088 _____ (Farbar) C:\Users\Brian\Downloads\FRST64(2).exe
2018-01-08 16:40 - 2018-01-08 23:59 - 117702656 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-08 13:55 - 2018-01-08 13:55 - 000000000 ___HD C:\Users\Brian\Documents\Ydocuments239
2018-01-08 13:55 - 2018-01-08 13:55 - 000000000 ___HD C:\Users\Brian\Documents\00Dcache72
2018-01-07 19:26 - 2018-01-07 19:26 - 000000000 ____D C:\WINDOWS\Panther
2018-01-05 09:46 - 2018-01-05 09:46 - 000262213 _____ C:\WINDOWS\system32\Drivers\cposfw.xml
2018-01-05 00:31 - 2018-01-01 06:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 00:31 - 2018-01-01 06:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 00:31 - 2018-01-01 06:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 00:31 - 2018-01-01 06:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 00:31 - 2018-01-01 06:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 00:31 - 2018-01-01 06:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 00:31 - 2018-01-01 06:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 00:31 - 2018-01-01 06:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 00:31 - 2018-01-01 06:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 00:31 - 2018-01-01 06:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 00:31 - 2018-01-01 06:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 00:31 - 2018-01-01 06:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 00:31 - 2018-01-01 06:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 00:31 - 2018-01-01 06:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 00:31 - 2018-01-01 06:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 00:31 - 2018-01-01 06:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 00:31 - 2018-01-01 06:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 00:31 - 2018-01-01 06:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 00:31 - 2018-01-01 06:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 00:31 - 2018-01-01 06:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 00:31 - 2018-01-01 06:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 00:31 - 2018-01-01 06:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 00:31 - 2018-01-01 06:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 00:31 - 2018-01-01 06:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 00:31 - 2018-01-01 06:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 00:31 - 2018-01-01 06:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 00:31 - 2018-01-01 05:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 00:31 - 2018-01-01 05:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 00:31 - 2018-01-01 05:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 00:31 - 2018-01-01 05:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 00:31 - 2018-01-01 05:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 00:31 - 2018-01-01 05:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 00:31 - 2018-01-01 05:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 00:31 - 2018-01-01 05:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 00:31 - 2018-01-01 05:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 00:31 - 2018-01-01 05:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 00:31 - 2018-01-01 05:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 00:31 - 2018-01-01 05:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 00:31 - 2018-01-01 05:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 00:31 - 2018-01-01 05:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 00:31 - 2018-01-01 05:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 00:31 - 2018-01-01 05:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 00:31 - 2018-01-01 05:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 00:31 - 2018-01-01 05:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 00:31 - 2018-01-01 05:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 00:31 - 2018-01-01 05:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 00:31 - 2018-01-01 05:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 00:31 - 2018-01-01 05:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 00:31 - 2018-01-01 05:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 00:31 - 2018-01-01 05:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 00:31 - 2018-01-01 05:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 00:31 - 2018-01-01 05:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 00:31 - 2018-01-01 05:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 00:31 - 2018-01-01 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 00:31 - 2018-01-01 05:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 00:31 - 2018-01-01 05:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 00:31 - 2018-01-01 05:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 00:31 - 2018-01-01 05:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 00:31 - 2018-01-01 05:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 00:31 - 2018-01-01 05:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 00:31 - 2018-01-01 05:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 00:31 - 2018-01-01 05:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 00:31 - 2018-01-01 05:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 00:31 - 2018-01-01 05:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 00:31 - 2018-01-01 05:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 00:31 - 2018-01-01 05:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 00:31 - 2018-01-01 05:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 00:31 - 2018-01-01 05:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 00:31 - 2018-01-01 05:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 00:31 - 2018-01-01 05:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 00:31 - 2018-01-01 05:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 00:31 - 2018-01-01 05:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 00:31 - 2018-01-01 05:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 00:31 - 2018-01-01 05:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 00:31 - 2018-01-01 05:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 00:30 - 2018-01-01 11:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 00:30 - 2018-01-01 06:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 00:30 - 2018-01-01 06:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 00:30 - 2018-01-01 06:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 00:30 - 2018-01-01 06:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 00:30 - 2018-01-01 06:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 00:30 - 2018-01-01 06:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 00:30 - 2018-01-01 06:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 00:30 - 2018-01-01 06:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 00:30 - 2018-01-01 06:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 00:30 - 2018-01-01 06:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 00:30 - 2018-01-01 06:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 00:30 - 2018-01-01 06:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 00:30 - 2018-01-01 06:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 00:30 - 2018-01-01 06:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 00:30 - 2018-01-01 06:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 00:30 - 2018-01-01 06:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 00:30 - 2018-01-01 06:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 00:30 - 2018-01-01 06:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 00:30 - 2018-01-01 06:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 00:30 - 2018-01-01 06:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 00:30 - 2018-01-01 06:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 00:30 - 2018-01-01 06:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 00:30 - 2018-01-01 06:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 00:30 - 2018-01-01 06:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 00:30 - 2018-01-01 06:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 00:30 - 2018-01-01 06:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 00:30 - 2018-01-01 06:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 00:30 - 2018-01-01 06:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 00:30 - 2018-01-01 06:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 00:30 - 2018-01-01 06:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 00:30 - 2018-01-01 06:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 00:30 - 2018-01-01 06:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 00:30 - 2018-01-01 06:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 00:30 - 2018-01-01 06:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 00:30 - 2018-01-01 06:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 00:30 - 2018-01-01 06:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 00:30 - 2018-01-01 06:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 00:30 - 2018-01-01 06:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 00:30 - 2018-01-01 06:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 00:30 - 2018-01-01 06:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 00:30 - 2018-01-01 06:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 00:30 - 2018-01-01 06:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 00:30 - 2018-01-01 06:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 00:30 - 2018-01-01 06:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 00:30 - 2018-01-01 06:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 00:30 - 2018-01-01 06:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 00:30 - 2018-01-01 06:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 00:30 - 2018-01-01 06:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 00:30 - 2018-01-01 06:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 00:30 - 2018-01-01 06:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 00:30 - 2018-01-01 06:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 00:30 - 2018-01-01 06:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 00:30 - 2018-01-01 06:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 00:30 - 2018-01-01 06:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 00:30 - 2018-01-01 06:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 00:30 - 2018-01-01 05:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 00:30 - 2018-01-01 05:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 00:30 - 2018-01-01 05:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 00:30 - 2018-01-01 05:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 00:30 - 2018-01-01 05:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 00:30 - 2018-01-01 05:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 00:30 - 2018-01-01 05:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 00:30 - 2018-01-01 05:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 00:30 - 2018-01-01 05:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 00:30 - 2018-01-01 05:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 00:30 - 2018-01-01 05:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 00:30 - 2018-01-01 05:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 00:30 - 2018-01-01 05:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 00:30 - 2018-01-01 05:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 00:30 - 2018-01-01 05:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 00:30 - 2018-01-01 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 00:30 - 2018-01-01 05:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 00:30 - 2018-01-01 05:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 00:30 - 2018-01-01 05:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 00:30 - 2018-01-01 05:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 00:30 - 2018-01-01 05:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 00:30 - 2018-01-01 05:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 00:30 - 2018-01-01 05:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 00:30 - 2018-01-01 05:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 00:30 - 2018-01-01 05:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 00:30 - 2018-01-01 05:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 00:30 - 2018-01-01 05:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 00:30 - 2018-01-01 05:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 00:30 - 2018-01-01 05:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 00:30 - 2018-01-01 05:21 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-01-05 00:30 - 2018-01-01 05:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 00:30 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 00:30 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 00:30 - 2018-01-01 05:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 00:30 - 2018-01-01 05:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 00:30 - 2018-01-01 05:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 00:30 - 2018-01-01 05:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 00:30 - 2018-01-01 05:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 00:30 - 2018-01-01 05:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 00:30 - 2018-01-01 05:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 00:30 - 2018-01-01 05:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 00:30 - 2018-01-01 05:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 00:30 - 2018-01-01 05:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 00:30 - 2018-01-01 05:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 00:30 - 2018-01-01 05:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 00:30 - 2018-01-01 05:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 00:30 - 2018-01-01 05:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 00:30 - 2018-01-01 05:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 00:30 - 2018-01-01 05:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 00:30 - 2018-01-01 05:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 00:30 - 2018-01-01 05:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 00:30 - 2018-01-01 05:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 00:30 - 2018-01-01 05:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 00:30 - 2018-01-01 05:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 00:30 - 2018-01-01 05:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 00:30 - 2018-01-01 05:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 00:30 - 2018-01-01 05:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 00:30 - 2018-01-01 05:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 00:30 - 2018-01-01 05:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 00:30 - 2018-01-01 05:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 00:30 - 2018-01-01 05:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 00:30 - 2018-01-01 05:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 00:30 - 2018-01-01 05:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 00:30 - 2018-01-01 05:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 00:30 - 2018-01-01 05:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 00:30 - 2018-01-01 05:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 00:30 - 2018-01-01 05:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 00:30 - 2018-01-01 05:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 00:30 - 2018-01-01 05:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 00:30 - 2018-01-01 05:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 00:30 - 2018-01-01 05:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 00:30 - 2018-01-01 05:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 00:30 - 2018-01-01 05:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-05 00:23 - 2018-01-08 20:05 - 000059050 _____ C:\Users\Brian\Downloads\Addition.txt
2018-01-05 00:18 - 2018-01-10 21:33 - 000062661 _____ C:\Users\Brian\Downloads\FRST.txt
2018-01-05 00:17 - 2018-01-10 21:31 - 000000000 ____D C:\FRST
2018-01-05 00:17 - 2018-01-05 00:17 - 002393088 _____ (Farbar) C:\Users\Brian\Downloads\FRST64(1).exe
2018-01-05 00:15 - 2018-01-05 00:15 - 002393088 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2018-01-04 14:26 - 2018-01-04 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2018-01-04 14:26 - 2018-01-03 18:23 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2018-01-04 14:26 - 2018-01-03 18:23 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2017-12-25 20:17 - 2018-01-05 01:19 - 000409496 ____N C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-22 21:34 - 2017-12-22 21:34 - 000188609 _____ C:\Users\Brian\Downloads\OveRxCast_Sizing_Guide2.pdf
2017-12-21 22:30 - 2017-12-21 22:30 - 000142848 _____ C:\Users\Brian\Desktop\RE Brian Domenoski 1-06-16 Humana Documentation.msg
2017-12-19 18:14 - 2017-12-19 18:14 - 000004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2017-12-19 18:14 - 2017-12-19 18:14 - 000003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2017-12-19 18:14 - 2017-12-19 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-12-18 20:35 - 2017-12-18 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-18 20:35 - 2017-12-18 20:35 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-18 20:18 - 2017-12-18 20:18 - 000000000 ____D C:\Users\Brian\AppData\Roaming\AVAST Software
2017-12-18 20:14 - 2017-12-18 20:14 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-18 20:14 - 2017-12-18 20:14 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-18 19:56 - 2017-12-18 20:07 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-18 19:56 - 2017-12-18 19:56 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-18 19:51 - 2017-12-18 19:52 - 011201632 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup538 (1).exe
2017-12-16 17:49 - 2017-12-16 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-16 16:00 - 2017-12-16 17:49 - 000000000 ____D C:\Program Files\iTunes
2017-12-16 16:00 - 2017-12-16 16:00 - 000000000 ____D C:\Program Files\iPod
2017-12-14 19:53 - 2017-12-14 19:53 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-12-14 19:53 - 2017-12-14 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-12-14 19:37 - 2017-12-14 19:37 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-12 21:16 - 2017-12-22 07:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-12 21:16 - 2017-12-22 07:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 19:55 - 2017-12-07 16:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-12 19:55 - 2017-12-07 15:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-12 19:54 - 2017-12-08 00:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-12 19:54 - 2017-12-07 17:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-12 19:54 - 2017-12-07 17:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-12 19:54 - 2017-12-07 17:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-12 19:54 - 2017-12-07 17:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-12 19:54 - 2017-12-07 17:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-12 19:54 - 2017-12-07 17:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-12 19:54 - 2017-12-07 17:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-12 19:54 - 2017-12-07 17:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-12 19:54 - 2017-12-07 17:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-12 19:54 - 2017-12-07 17:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-12 19:54 - 2017-12-07 17:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-12 19:54 - 2017-12-07 17:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-12 19:54 - 2017-12-07 17:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-12 19:54 - 2017-12-07 17:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-12 19:54 - 2017-12-07 17:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-12 19:54 - 2017-12-07 16:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-12 19:54 - 2017-12-07 16:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-12 19:54 - 2017-12-07 16:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-12 19:54 - 2017-12-07 16:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-12 19:54 - 2017-12-07 16:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-12 19:54 - 2017-12-07 16:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-12 19:54 - 2017-12-07 16:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-12 19:54 - 2017-12-07 16:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-12 19:54 - 2017-12-07 16:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 19:54 - 2017-12-07 16:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-12 19:54 - 2017-12-07 16:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 19:54 - 2017-12-07 16:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 19:54 - 2017-12-07 16:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-12 19:54 - 2017-12-07 16:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-12 19:54 - 2017-12-07 16:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 19:54 - 2017-12-07 16:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 19:54 - 2017-12-07 16:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-12 19:54 - 2017-12-07 16:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 19:54 - 2017-12-07 16:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 19:54 - 2017-12-07 16:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 19:54 - 2017-12-07 16:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-12 19:54 - 2017-12-07 16:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 19:54 - 2017-12-07 16:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 19:54 - 2017-12-07 16:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-12 19:54 - 2017-12-07 16:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-12 19:54 - 2017-12-07 16:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-12 19:54 - 2017-12-07 16:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 19:54 - 2017-12-07 16:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 19:54 - 2017-12-07 16:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 19:54 - 2017-12-07 16:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-12 19:54 - 2017-12-07 16:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-12 19:54 - 2017-12-07 16:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-12 19:54 - 2017-12-07 16:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-12 19:54 - 2017-12-07 16:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-12 19:54 - 2017-12-07 16:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-12 19:54 - 2017-12-07 16:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 19:54 - 2017-12-07 16:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-12 19:54 - 2017-12-07 16:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-12 19:54 - 2017-12-07 16:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-12 19:54 - 2017-12-07 16:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-12 19:54 - 2017-12-07 16:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-12 19:54 - 2017-12-07 16:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-12 19:54 - 2017-12-07 16:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-12 19:54 - 2017-12-07 16:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-12 19:54 - 2017-12-07 16:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-12 19:54 - 2017-12-07 15:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-12 19:54 - 2017-12-07 15:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-12 19:54 - 2017-12-07 15:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-12 19:54 - 2017-12-07 15:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-12 19:54 - 2017-12-07 15:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-12 19:54 - 2017-12-07 15:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-12 19:54 - 2017-12-07 15:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-12 19:54 - 2017-12-07 15:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 21:33 - 2016-06-29 18:29 - 000409116 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-10 21:31 - 2017-09-19 06:27 - 000000000 ___HD C:\SandBlastBackup
2018-01-10 21:31 - 2015-11-09 18:12 - 000000000 ____D C:\Users\Brian\Documents\Outlook Files
2018-01-10 21:21 - 2017-10-21 01:41 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A90AF15-7882-4AC8-940B-8F4B42CF74AC}
2018-01-10 21:05 - 2017-10-21 01:12 - 000000000 ____D C:\Users\Brian\AppData\Local\Packages
2018-01-10 20:55 - 2017-09-19 05:57 - 000000000 ____D C:\ProgramData\CheckPoint
2018-01-10 20:54 - 2017-11-28 22:38 - 000000000 ____D C:\Users\Brian\Downloads\sWeather
2018-01-10 18:41 - 2017-10-21 01:41 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrian
2018-01-10 18:41 - 2017-10-16 00:23 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job
2018-01-10 18:15 - 2016-09-16 18:13 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2018-01-10 18:15 - 2015-11-08 04:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 18:07 - 2017-10-10 17:49 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 18:06 - 2015-11-08 04:53 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 18:05 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 18:04 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-10 18:00 - 2017-10-21 01:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1563961910-250262785-1644635927-1001
2018-01-10 18:00 - 2015-11-08 15:33 - 000002405 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 18:00 - 2015-11-08 15:33 - 000000000 __RDL C:\Users\Brian\OneDrive
2018-01-10 17:57 - 2017-02-15 17:52 - 000000000 ____D C:\Users\Brian\AppData\LocalLow\Mozilla
2018-01-10 17:55 - 2017-09-16 20:29 - 000000000 ____D C:\Users\Brian\AppData\Local\Epic Privacy Browser
2018-01-09 23:04 - 2017-10-21 01:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-09 21:52 - 2017-10-21 01:41 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 21:52 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 21:52 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-09 20:08 - 2015-12-09 17:52 - 000000000 ____D C:\ProgramData\IDrive
2018-01-09 19:16 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-09 19:16 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-09 18:51 - 2017-10-29 23:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-01-09 07:51 - 2017-10-21 01:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-09 07:51 - 2017-05-17 18:58 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-01-09 07:51 - 2017-05-17 18:58 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-01-08 23:59 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-08 16:40 - 2016-09-02 20:03 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-01-08 14:55 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-08 14:15 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-08 14:10 - 2011-07-15 00:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-07 17:30 - 2017-10-21 01:05 - 001178616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-07 17:23 - 2017-06-13 17:45 - 000000000 ____D C:\Program Files (x86)\Cliqz Maintenance Service
2018-01-07 17:23 - 2017-06-13 17:45 - 000000000 ____D C:\Program Files (x86)\CLIQZ
2018-01-06 15:06 - 2015-11-08 16:49 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 17:12 - 2017-06-13 17:45 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2018-01-05 04:33 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-05 04:33 - 2015-12-13 16:37 - 000000000 ___RD C:\Users\Brian\3D Objects
2018-01-05 04:33 - 2015-09-09 23:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-05 01:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-05 01:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-05 01:12 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-05 00:37 - 2017-09-29 07:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 00:35 - 2017-09-29 07:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 00:35 - 2017-09-29 07:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 23:55 - 2017-09-30 01:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-04 14:30 - 2017-03-14 21:12 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2018-01-03 23:35 - 2015-11-15 12:58 - 000000000 ____D C:\Users\Brian\AppData\Roaming\Dashlane
2018-01-03 23:34 - 2015-11-15 12:58 - 000000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-12-29 21:47 - 2017-09-30 01:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-29 18:11 - 2017-09-30 01:45 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2017-12-23 15:12 - 2016-09-20 21:09 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job
2017-12-19 22:09 - 2017-10-21 01:41 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBRIAN-HP$
2017-12-19 19:37 - 2016-08-22 17:17 - 000000000 ____D C:\Users\Brian\Documents\Personal and Confidential
2017-12-18 20:36 - 2016-01-09 14:02 - 000000000 ____D C:\ProgramData\Skype
2017-12-18 20:33 - 2017-04-06 21:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-18 19:56 - 2017-10-30 23:15 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-18 19:55 - 2017-10-30 23:15 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-17 15:57 - 2017-10-29 10:01 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-14 19:37 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-13 22:34 - 2017-10-24 18:49 - 000000174 _____ C:\Users\Brian\BullseyeCoverageError.txt
2017-12-13 00:47 - 2017-10-21 01:11 - 000000000 ____D C:\Users\Brian

==================== Files in the root of some directories =======

2016-09-12 20:23 - 2017-01-02 15:03 - 000000258 _____ () C:\ProgramData\fontcacheev1.dat
2017-06-14 21:11 - 2017-06-14 21:11 - 000000357 _____ () C:\Users\Brian\AppData\Local\LMIR0001.tmp_r.bat
2017-06-15 18:23 - 2017-06-15 18:23 - 000000357 _____ () C:\Users\Brian\AppData\Local\LMIR0002.tmp_r.bat
2016-03-17 19:24 - 2016-03-17 19:24 - 000007602 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-07 22:25

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Brian (10-01-2018 21:34:46)
Running from C:\Users\Brian\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-10-21 07:52:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1563961910-250262785-1644635927-500 - Administrator - Disabled)
Brian (S-1-5-21-1563961910-250262785-1644635927-1001 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-1563961910-250262785-1644635927-503 - Limited - Disabled)
Guest (S-1-5-21-1563961910-250262785-1644635927-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1563961910-250262785-1644635927-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1563961910-250262785-1644635927-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AOMEI Backupper Free (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.151 - Bitdefender)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.12 - BleachBit)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Brave) (Version: 0.18.36 - Brave Software)
ccc-core-static (HKLM-x32\...\{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}) (Version: 2010.1123.1002.17926 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Check Point EFR Light Agent (HKLM\...\{874247F2-92EB-44E2-A8BE-31426894D293}) (Version: 86.0.2389 - Check Point Software Technologies Ltd.) Hidden
Cliqz 1.17.4 (x86 en-US) (HKLM-x32\...\Cliqz 1.17.4 (x86 en-US)) (Version: 1.17.4 - Cliqz GmbH)
Cliqz Maintenance Service (HKLM\...\CliqzMaintenanceService) (Version: 1.13.6 - Cliqz GmbH)
Core Temp 1.10.2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.10.2 - ALCPU)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Dashlane) (Version: 5.3.2.14186 - Dashlane SAS)
DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.100 - Escort)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
Diskeeper 16 (HKLM\...\{24CA6BF3-C7E2-4E11-9009-A0A34B97413E}) (Version: 19.0.1214.64 - Condusiv Technologies)
Epic Privacy Browser (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Epic) (Version: 62.0.3202.94 - Epic)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Fort - File encryption for Windows (HKLM\...\{9A974296-4913-4776-9892-F4EB17B513FB}_is1) (Version: 2.0.0.0 - Niko Rosvall)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (HKLM-x32\...\{751D221F-7C37-C83F-1973-A1F92A0F4DF6}) (Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{BE8F64BA-7E51-4FB8-AE03-04C7200043A2}) (Version: 12.7.2.58 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NirSoft RegScanner (HKLM-x32\...\NirSoft RegScanner) (Version:  - )
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
[email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
Pale Moon 26.3.3 (x86 en-US) (HKLM-x32\...\Pale Moon 26.3.3 (x86 en-US)) (Version: 26.3.3 - Moonchild Productions)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (HKLM-x32\...\{415b7aee-0fe7-4ecc-8dda-324545bb1938}) (Version: 18.1.2.179 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{5185C946-9278-48AE-8090-599C0EB13BED}) (Version: 18.1.2.179 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{692AC224-5A8F-4F71-B539-5145190C0A60}) (Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3621 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TunesKit Audiobook Converter 2.3.2.10 (HKLM-x32\...\TunesKit Audiobook Converter_is1) (Version:  - TunesKit, Inc.)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (HKLM-x32\...\{E60AFF01-6087-47BD-8272-61FA3CFC309D}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{bf823098-ca8a-4f81-acac-b1bbb8008863}) (Version: 4.0.1777.3330 - Lavasoft)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass  (08/10/2016 ) (HKLM\...\7F054465A547FA1D530CCF24524C5224A32F5A99) (Version: 08/10/2016  - ESCORT Inc.)
Windows Driver Package - ESCORT, Inc. (usbser) Ports  (04/24/2013 1.0.0.0) (HKLM\...\81CF09C262F2AF50FED94F55B77F731D76C948F2) (Version: 04/24/2013 1.0.0.0 - ESCORT, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.17 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 5.9.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Video Converter 8.8 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 8.8 - WonderFox Soft, Inc.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0165 - Check Point Software)
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-01-03] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-01-03] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-01-03] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [Extension] -> {2fb5abfc-f61e-3778-89c5-7a57c7566223} => C:\WINDOWS\System32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-01-03] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-01-03] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2015-11-15] (RealNetworks, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Extension] -> {2fb5abfc-f61e-3778-89c5-7a57c7566223} => C:\WINDOWS\System32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-01-03] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ED203E-E769-4C86-A0CF-DEC2950960AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {06A322B7-7058-40E5-83E8-190A4E73D81A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {0F276872-AB99-46F3-A08E-BA357BF36A48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {0F7CAE4F-9DE1-43E3-A6E8-C77313EB7E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {18AD7D57-DFD5-4BCC-8EEA-E63435130B8D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2B790A28-F946-4A0F-97B5-0EB97BE9934C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2D1E5499-D4B1-49C2-B834-AD4BCEBC38F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {30F1527F-1159-4BAB-8013-C9EAED858B43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-08] (Microsoft Corporation)
Task: {341A5A91-8362-4F47-B457-2E871B4B19FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4BEFC552-1320-4335-B4E9-8925023EFBA1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-08] (Microsoft Corporation)
Task: {4C962F10-32F1-4D4C-8632-1A275A36CE52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6524C1D9-7891-4E88-A958-B34C20D2346E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {67BBD5B0-09A6-42B4-A932-D4A5B0DB3FBF} - System32\Tasks\HPCeeScheduleForBRIAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {682DA36B-41EA-48BB-AD0E-5670EA640788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {6A687389-07A2-42BD-BCBE-9727CF37DEF3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-08] (Microsoft Corporation)
Task: {70F69AC2-AE44-4428-8580-7AFFB8AF95B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7FA484FA-6FF3-4578-B7CD-EA43C11F09A0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {80B1311C-5F20-47B4-803A-7383240C33B8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8B5460D2-1E35-420A-B596-38AB4471CE11} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {92741044-7CFA-4BF0-97B3-DF05B539CA26} - System32\Tasks\ModemBooster_Run => C:\Program Files (x86)\inKline Global\Modem Booster\ModemBooster.exe
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A9B32E4E-00E9-4C0A-81EA-FAC4E87128FD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ACD673B3-34A0-43AE-8710-E21E79A58BB3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {AECF3AE5-8D63-4D4A-90F7-33B40365CD04} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4D4E86B-D688-44B1-BAC9-DE56CFA8FE85} - System32\Tasks\{4ABB3C9A-AA10-471F-BBDD-71AB9D4E726D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {B9F1C6BE-AD04-4C0E-B7BB-5A691C4175DF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1563961910-250262785-1644635927-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BF355FA7-DFC3-4EDA-AF75-D65FD6AA1BF4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C20D3F74-A273-407C-8621-C05C4C3635DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {C227213B-32FF-4722-B84B-BE6D1194EBA6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBF6DBA9-F3CF-4FB6-A56E-AFD9D34EECE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {CF077B7A-6F49-449F-BC12-B3A17BE7D4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {D49161D9-1CF6-4461-958A-72743729BE58} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {D5AF4E58-7D75-4571-9F64-C3CBD2BE9AFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {D7C5CE96-D2C3-4346-9789-E2A1D5394191} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {D8316FF3-AB36-43DA-8088-DB94607B1230} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {E8F7FD7B-F8E9-47E7-B7E9-DD961815BA5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {ECE6389A-6BE9-4090-9CF0-13A048F00081} - System32\Tasks\{ADBAC735-778A-4C39-BD7A-5B45EE8BFCF4} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Brian\Downloads\adguardInstaller (3).exe" -d C:\Users\Brian\Downloads
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EFD052DB-CD8A-4B83-8AB3-2062CCD12CE5} - System32\Tasks\HPCeeScheduleForBrian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F31E9816-34F9-4F79-95EA-B0036CA1DAB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {F335997A-3F0F-4260-A3F2-7EC55D45ED97} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {F8934F0C-AEF2-4BC2-B941-09264B17B041} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FC0FA31B-488F-4E7A-814B-0831FD99207C} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForBRIAN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBrian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-16 17:04 - 2017-12-10 00:30 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000637952 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_log-vc110-mt-1_54.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000098304 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_thread-vc110-mt-1_54.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000050176 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_date_time-vc110-mt-1_54.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000116224 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_filesystem-vc110-mt-1_54.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000019456 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_system-vc110-mt-1_54.dll
2016-11-09 16:33 - 2016-11-09 16:33 - 000028672 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\boost_chrono-vc110-mt-1_54.dll
2018-01-04 14:25 - 2018-01-03 18:17 - 000834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-03 15:19 - 2017-11-26 06:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-03 15:31 - 2017-11-26 06:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-17 18:58 - 2017-05-17 12:58 - 000083608 _____ () C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
2018-01-09 19:05 - 2018-01-09 19:05 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-17 09:30 - 2017-10-17 09:30 - 000035064 _____ () c:\program files (x86)\checkpoint\endpoint security\tpcommon\cipolla\sbacipollasrvhost.exe
2018-01-05 09:47 - 2018-01-05 09:47 - 000054128 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
2018-01-04 14:25 - 2018-01-03 18:17 - 000601600 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2017-05-17 18:58 - 2017-05-17 12:58 - 000931480 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000329368 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000247448 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000128664 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000034456 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000489112 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000075416 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000108184 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000345752 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2017-05-17 18:58 - 2015-05-21 13:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-05-17 18:58 - 2017-05-17 12:58 - 000714392 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000120472 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000083608 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000067224 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000292504 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000972440 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000161432 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000288408 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000108184 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000259736 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2017-05-17 18:58 - 2017-05-17 12:57 - 000181912 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-11-14 08:32 - 2017-12-08 23:03 - 000110184 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-05-13 18:36 - 2017-12-08 23:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-05-13 18:36 - 2017-12-08 23:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-05-13 18:36 - 2017-12-08 23:03 - 000330856 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-05-13 18:36 - 2017-12-08 23:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2017-12-14 19:41 - 2017-12-14 19:43 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2017-12-14 19:37 - 2017-12-14 19:47 - 001010856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2017-05-21 11:18 - 2017-05-21 11:18 - 000115960 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2015-07-20 10:26 - 2015-07-20 10:26 - 001058320 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CloudServices.dll
2017-06-13 12:41 - 2017-06-13 12:41 - 000087288 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2017-06-13 12:41 - 2017-06-13 12:41 - 000063736 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2017-06-13 12:41 - 2017-06-13 12:41 - 000058616 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll
2017-12-14 19:38 - 2017-12-14 19:38 - 000164016 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12731 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 07:46 - 2017-09-29 07:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "hpsysdrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ATT_McciTrayApp"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKLM\...\StartupApproved\Run32: => "hpsysdrv"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-1563961910-250262785-1644635927-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9765DC79-A40A-4960-86B8-EDAE6F4A7104}] => (Allow) C:\Program Files (x86)\CLIQZ\cliqz.exe
FirewallRules: [{FEFA48CD-71CE-4466-91DB-2DF604D82876}] => (Allow) C:\Program Files (x86)\CLIQZ\cliqz.exe
FirewallRules: [{E2555530-BF5F-4981-944B-DB4FF7F163C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3A854C57-D837-43F1-BB92-8E4A4B74A4BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

10-01-2018 18:03:08 Windows Update
10-01-2018 18:05:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2018 06:14:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/09/2018 07:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{692AC224-5A8F-4F71-B539-5145190C0A60}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2018 08:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (01/09/2018 08:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (01/09/2018 08:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2018 08:02:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/08/2018 02:52:49 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6668,G,0) An attempt to open the file "C:\Users\Brian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/08/2018 02:52:26 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6668,G,0) An attempt to open the file "C:\Users\Brian\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/08/2018 02:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Brian-HP.local.

Error: (01/08/2018 02:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Brian-HP-2.local.


System errors:
=============
Error: (01/10/2018 06:53:24 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Brian-HP\Brian SID (S-1-5-21-1563961910-250262785-1644635927-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 06:01:01 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Brian-HP\Brian SID (S-1-5-21-1563961910-250262785-1644635927-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 05:58:28 PM) (Source: DCOM) (EventID: 10016) (User: BRIAN-HP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Brian-HP\Brian SID (S-1-5-21-1563961910-250262785-1644635927-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 05:52:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 05:52:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 05:52:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 05:52:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 07:42:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 07:42:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 07:42:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2018-01-10 21:36:58.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:36:58.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:33:44.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:33:44.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:21:50.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:21:50.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:15:16.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:15:16.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:07:22.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 21:07:22.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 74%
Total physical RAM: 6126.53 MB
Available physical RAM: 1548.89 MB
Total Virtual: 9966.53 MB
Available Virtual: 3404.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:350.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.25 GB) (Free:1.33 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7EF8BB38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Not seeing much here.

Download the enclosed => file.Attached File  FIXLIST.txt   581bytes   4 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#10
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

I am running this now, but the scanning bar has stopped moving, is this normal or did it freeze up?


  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Should have ran quickly , so yes it may have froze. Reboot the computer if needed an try it again.
  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,851 posts
Are we having trouble ?

I have to sign off early work today. Do this in the mean time. I'll look at it later today.

Did you install this program ?
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

If not I'd recommend you uninstall it

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Then

Run malwarebytes and post a log report.

Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#13
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Here's the report:

 

CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
U3 iswSvc; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:


  • 0

#14
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Are we having trouble ?

I have to sign off early work today. Do this in the mean time. I'll look at it later today.

Did you install this program ?
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

If not I'd recommend you uninstall it

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
<script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window? window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)}); h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)}); var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f; if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c= 0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})(); pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=71681344afb39ee90b3705c33136dd0f&app=forums&module=ajax§ion=topics&do=quote&t=369817&p=2614006&md5check=d9222e2961edee2cdb9cac066636175a&isRte=1,mKmPV3o1Px,true,true,AyGnk31h3eg');//]]></script> adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Then

Run malwarebytes and post a log report.

Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

 

&&0

Ok, thanks. It's time for me to get to bed so that I can go to work tomorrow and not be half asleep all day!

I will work on the above when I get home from work (right now it is 11:38 PM CST where I live). It will probably be late since tomorrow is my birthday and I plan on going out right after work and then come home.

I'll keep you posted on my progress. Thanks again.


  • 0

#15
Braind

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

I want to post this now so I don't inadvertently lose it.

 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 12 01:56:16 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-10-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Brian\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Program Files (x86)\Digital Coupon Printer
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\yset
PUP.Optional.Spigot.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
PUP.Optional.Spigot.Generic, C:\Program Files (x86)\Coupons
PUP.Optional.WebCompanion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\lavasofttcpservice.dll
PUP.Optional.Legacy, C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy, C:\Windows\System32\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy, C:\Windows\SysNative\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy, C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy, C:\Windows\SysNative\LavasoftTcpService64.dll
PUP.Optional.Legacy, C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\searchplugins\bing-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Web Companion
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion, [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store | C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
Adware.PCOptimizer, [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\EPIC
Adware.PCOptimizer, [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPIC
Adware.PCOptimizer, [Key] - HKCU\Software\EPIC
Adware.PCOptimizer, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPIC


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Bitly | Unleash the power of the link -
PUP.Optional.DefaultSearch.ShrtCln, Plugin found: Adaware Secure Search -
PUP.Optional.AmazonBrowserBar, Plugin found: Amazon Assistant for Chrome -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.goog.../answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

More posts to come........

 

 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 12 02:35:28 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Brian\AppData\Local\YSearchUtil
Deleted: C:\Program Files (x86)\Digital Coupon Printer
Deleted: C:\Program Files (x86)\Yahoo!\yset
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
Deleted: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd3j7q.default\searchplugins\bing-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted: [Value] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
Deleted: [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\EPIC
Deleted: [Key] - HKU\S-1-5-21-1563961910-250262785-1644635927-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPIC
Deleted: [Key] - HKCU\Software\EPIC
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\EPIC


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Bitly | Unleash the power of the link -
Plugin deleted: Adaware Secure Search -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4519 B] - [2018/1/12 1:56:16]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 

 

MBAM Scan Results

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/11/18
Scan Time: 8:55 PM
Log File: 13ea4024-f744-11e7-b9bd-e06995dae38e.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3678
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: BRIAN-HP\Brian

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362485
Threats Detected: 73
Threats Quarantined: 73
Time Elapsed: 48 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 14
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\browsericons, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\de, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\en, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\es, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\fr, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_metadata, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\lib, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\USERS\BRIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pcahildbjonlnmkfcdeiglkeodeijdco, Quarantined, [1734], [469400],1.0.3678

File: 59
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\adaware.eot, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\adaware.svg, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\adaware.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\adaware.woff, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-book.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-bookitalic.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-light.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-lightitalic.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-medium.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-mediumitalic.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-semibold.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\canaro-semibolditalic.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\fontawesome-webfont.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\fonts\segoeui.ttf, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\auto-complete.css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\flexbox.css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\new-tab.css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\normalize.css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\css\roboto.css, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\browsericons\icon19.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\browsericons\icon38.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\bing.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\google.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\icon-check.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\icon_128.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\icon_16.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\mountains.jpg, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\privatesearch.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\search.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\securesearch.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\yahoo.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\img\yandex.png, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\lib\auto-complete.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\lib\publicsuffixlist.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\adaware-telemetry.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\adaware-utils.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\background.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\i18n.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\messaging.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\new-tab.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\pagestore.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\polyfill.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\start.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\storage.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\tab.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\traffic.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\uritools.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\vapi-background.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\vapi-client.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\js\vapi-common.js, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\de\messages.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\en\messages.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\es\messages.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_locales\fr\messages.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\_metadata\verified_contents.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\background.html, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\LICENSE.txt, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\manifest.json, Quarantined, [1734], [469400],1.0.3678
PUP.Optional.DefaultSearch, C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco\1.3.7.0_0\new-tab.html, Quarantined, [1734], [469400],1.0.3678

Physical Sector: 0
(No malicious items detected)


(end)

 

 

I have also uninstalled Adaware Web Companion.

 

I think this is all you have requested. Let me know if I missed anything.


Edited by Braind, 11 January 2018 - 10:51 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP