Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

system repair offline

Started by dmsjaj , Jan 21 2018 01:53 PM

  • This topic is locked This topic is locked

#1
dmsjaj
Posted 21 January 2018 - 01:53 PM

dmsjaj

    New Member

  • Member
  • Pip
  • 1 posts

I have been working on trying to resolve this issue for 2 weeks and at every corner, I hit another snag. This is my business computer which our company utilizes Trend Office Scan for live scanning and antivirus.  Two weeks ago, I was trying to fix an external hardrive and everything went wrong.  The virus I picked up blew through officescan, which now won't even come back on, guest user was created, along with some other ones, tagged on to a good portion of my files having the ability to execute and overwrite.  I have no function with system restore as all previous restore points have been deleted.  I have tried numerous times to utilize system repair but it still states system repair offline.  At first, the error included a bad driver, now today, I have that down to just unknown.  Malwarebytes finds a Trojan/proxy agent in the registry key with APEXSVC but when quarantined, it comes right back.  Also with Malwarebytes, it won't even stay on, so I don't have Officescan or that one for active malware protection.  sfc /scannow won't complete anything as there is a system repair that shows that it is needing to complete but with system repair offline, this can never process.  Windows updates won't operate because of the same thing.  On restart, it won't go past that.  Utilizing chkdsk stops at the 50% range because it shows errors.  I am not sure what those are.  The computer is still operational but I can't connect back to my work network until I get this resolved.  Since this was a group build unit, I don't have access to a restore cd and I definitely do not want to start over. I have tried to do some fixes through Dell, some through Microsoft, and it seems if I get one thing corrected, another pops up. I also have a redirect on chrome where Bing becomes the search engine but it won't always go to the page that I need.  I started using explorer to minimize that a little, but I am trying not to use very many webpages on the PC as I don't have an active anti-virus up and running.  Our firewall settings are managed by administrators so those are preset but I did notice that the last 4 on the firewall as approved, I previously removed as they are not valid for and I believe may have been part of the virus. 

 

I am attaching both of the FARBAR texts for your review.  I would really appreciate the help as this is really frustrating as wiping this system really isn't an option for me.

 

 

Thanks,

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by xxxxxxx (administrator) on xxxxxxx (21-01-2018 12:07:37)
Running from C:\Users\dstover\Downloads
Loaded Profiles: xxxxxxx &  (Available Profiles: Administrator & xxxxxx)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\spmtoilsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Akamai Technologies, Inc.) C:\Users\dstover\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Akamai Technologies, Inc.) C:\Users\dstover\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\dstover\AppData\Local\wmixbkr\cwnaxtu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_28_0_0_137_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8925184 2014-01-14] (Dell Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2462336 2015-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2018-01-08] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101506492\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101525128\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-623538099-558311655-452798024-2129\...\Run: [Akamai NetSession Interface] => C:\Users\dstover\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-623538099-558311655-452798024-2129\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-623538099-558311655-452798024-2129\...\MountPoints2: {2d1a5f09-f3cf-11e7-a1f9-74867a6b7ddf} - D:\LaunchU3.exe
HKU\S-1-5-21-623538099-558311655-452798024-2129\...\MountPoints2: {4af0480c-c431-11e7-bd46-74867a6b7ddf} - E:\win\setup.exe -phs
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\Run: [Akamai NetSession Interface] => C:\Users\dstover\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\MountPoints2: {2d1a5f09-f3cf-11e7-a1f9-74867a6b7ddf} - D:\LaunchU3.exe
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\MountPoints2: {4af0480c-c431-11e7-bd46-74867a6b7ddf} - E:\win\setup.exe -phs
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\Run: [Akamai NetSession Interface] => C:\Users\dstover\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\MountPoints2: {2d1a5f09-f3cf-11e7-a1f9-74867a6b7ddf} - D:\LaunchU3.exe
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\MountPoints2: {4af0480c-c431-11e7-bd46-74867a6b7ddf} - E:\win\setup.exe -phs
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{91ACA23A-FA85-454C-BF37-B9D2DB850F80}: [NameServer] 172.16.1.20,172.16.1.21
Tcpip\..\Interfaces\{9F125910-7525-4552-ABA3-F8B31A58EAAA}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-22] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSKVAllmytubechrome - No CLSID Value

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-09-23] [Legacy] [not signed]
FF HKU\S-1-5-21-623538099-558311655-452798024-2129\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-01-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\dstover\AppData\Local\Google\Chrome\User Data\Default [2018-01-21]
CHR Extension: (Norton Identity Safe) - C:\Users\dstover\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-01-17]
CHR Extension: (No Name) - C:\Users\dstover\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\dstover\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-10]
CHR Extension: (No Name) - C:\Users\dstover\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-09-23]
CHR Profile: C:\Users\dstover\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-623538099-558311655-452798024-2129\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-22] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-22] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2018-01-08] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329192 2016-06-02] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5269056 2015-12-24] (Trend Micro Inc.)
S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592952 2015-12-28] (Trend Micro Inc.)
S4 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [728024 2015-12-24] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5229232 2015-12-24] (Trend Micro Inc.)
S4 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1944344 2015-05-28] (UltraVNC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 apexpsvc; "C:\Users\dstover\AppData\Local\gvkxelho\apexpsvc.exe" /svc [X]
S2 PlexUpdateService; "C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-21] (Malwarebytes)
R1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-20] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-21] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [119096 2015-12-09] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [435416 2018-01-17] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [78136 2015-12-09] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393944 2017-03-21] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66776 2017-03-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
S3 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2621144 2017-03-21] (Trend Micro Inc.)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 ampa; \??\C:\Windows\system32\ampa.sys [X]
R3 ehkoru; system32\drivers\koruxb.sys [X]
S3 loruyb; system32\drivers\ruybeh.sys [X]
S0 TMEBC; system32\DRIVERS\TMEBC64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-21 12:07 - 2018-01-21 12:08 - 000017799 _____ C:\Users\dstover\Downloads\FRST.txt
2018-01-21 12:06 - 2018-01-21 12:07 - 000000000 ____D C:\FRST
2018-01-21 11:55 - 2018-01-21 11:55 - 002393088 _____ (Farbar) C:\Users\dstover\Downloads\FRST64.exe
2018-01-21 10:06 - 2018-01-21 10:06 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-21 09:06 - 2018-01-21 09:21 - 000002154 _____ C:\Users\dstover\Desktop\Rkill.txt
2018-01-21 09:06 - 2018-01-21 09:06 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\dstover\Downloads\rkill64.exe
2018-01-21 09:05 - 2018-01-21 09:05 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\dstover\Downloads\rkill.exe
2018-01-21 08:31 - 2018-01-21 08:33 - 074681768 _____ (MiniTool Solution Ltd. ) C:\Users\dstover\Downloads\pw102-free.exe
2018-01-20 23:44 - 2018-01-20 23:44 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-20 23:43 - 2018-01-21 10:06 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-20 23:43 - 2018-01-20 23:43 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-20 23:43 - 2018-01-20 23:43 - 000001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-20 23:43 - 2018-01-20 23:43 - 000001829 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2018-01-20 23:43 - 2018-01-20 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-20 23:43 - 2018-01-20 23:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-20 23:43 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-20 23:42 - 2018-01-20 23:42 - 082634184 _____ (Malwarebytes ) C:\Users\dstover\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3739.exe
2018-01-20 16:35 - 2016-03-14 08:38 - 000117464 _____ (STMicroelectronics) C:\Windows\system32\Drivers\ST_Accel.sys
2018-01-20 16:35 - 2015-12-09 13:19 - 001804688 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-01-20 15:54 - 2018-01-20 15:55 - 129182568 _____ (Trend Micro Inc.) C:\Users\dstover\Documents\Rescuedisk.exe
2018-01-20 14:00 - 2018-01-20 14:00 - 000003150 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2018-01-20 13:33 - 2018-01-20 13:33 - 000001352 _____ C:\Users\dstover\Desktop\WindowsUpdate.BAT
2018-01-20 13:17 - 2018-01-20 13:21 - 000000000 ____D C:\Windows\softwardistribution.old
2018-01-20 11:30 - 2018-01-20 20:47 - 000000000 ____D C:\Users\dstover\AppData\Roaming\JAM Software
2018-01-20 09:37 - 2018-01-20 09:37 - 000000000 _____ C:\Users\dstover\dism
2018-01-20 08:10 - 2018-01-20 08:10 - 000000200 _____ C:\Windows\system32\list
2018-01-19 22:57 - 2017-11-21 12:27 - 000130920 _____ C:\Users\dstover\authroot.stl
2018-01-19 22:22 - 2018-01-19 22:22 - 000003424 _____ C:\Windows\System32\Tasks\{6BA9E8F0-B7C0-4CF8-AC93-C7B38336343A}
2018-01-19 21:36 - 2018-01-19 21:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-19 21:36 - 2018-01-19 21:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-19 21:36 - 2018-01-19 21:36 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-19 21:36 - 2018-01-19 21:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-19 20:08 - 2018-01-19 20:10 - 000000000 ____D C:\Windows\softwaredistribution.old
2018-01-19 16:27 - 2013-08-16 04:21 - 002213376 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2018-01-19 16:27 - 2013-08-16 04:21 - 000697856 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2018-01-19 16:26 - 2018-01-19 16:28 - 000000000 ____D C:\Program Files\IDT
2018-01-19 16:26 - 2016-03-14 08:38 - 001730320 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-01-19 15:16 - 2012-02-27 18:01 - 000788760 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2018-01-19 15:16 - 2012-02-27 18:01 - 000356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-01-19 15:16 - 2012-02-27 18:01 - 000016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2018-01-19 15:14 - 2012-01-22 08:59 - 005439040 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2018-01-19 15:14 - 2012-01-22 08:55 - 000095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2018-01-19 15:14 - 2012-01-22 08:35 - 003654656 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2018-01-19 15:14 - 2012-01-22 08:34 - 004378624 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2018-01-19 15:13 - 2018-01-19 15:14 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-01-19 11:12 - 2018-01-19 22:53 - 000000011 _____ C:\AuResult.ini
2018-01-19 11:09 - 2018-01-19 11:09 - 000003246 _____ C:\Windows\System32\Tasks\{79EAB2E1-4038-4AB5-8699-F5C3734A1DB8}
2018-01-19 11:05 - 2018-01-19 11:05 - 000003242 _____ C:\Windows\System32\Tasks\{1B53C9B0-1C92-4EF6-B429-DA4095534B0A}
2018-01-19 10:17 - 2018-01-20 12:07 - 000000000 ___DC C:\Users\dstover\AppData\Local\MigWiz
2018-01-19 08:49 - 2018-01-19 08:49 - 001167046 _____ C:\Users\dstover\Downloads\Certificates.pdf
2018-01-19 07:34 - 2018-01-21 08:22 - 000000000 ____D C:\Users\dstover\AppData\Local\dwrciak
2018-01-19 06:17 - 2011-07-15 21:31 - 000022128 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
2018-01-18 22:19 - 2018-01-18 22:20 - 000000000 ____D C:\Users\dstover\Documents\WPA Files
2018-01-18 22:19 - 2018-01-18 22:19 - 000000000 ____D C:\Users\dstover\AppData\Local\Windows Performance Analyzer
2018-01-18 22:15 - 2018-01-18 22:15 - 000000000 ____D C:\Users\dstover\Documents\Windows Assessment Console
2018-01-18 22:15 - 2018-01-18 22:15 - 000000000 ____D C:\Users\dstover\Documents\Assessment Results
2018-01-18 22:15 - 2018-01-18 22:15 - 000000000 ____D C:\Users\dstover\AppData\Local\Windows Assessment Console
2018-01-18 22:15 - 2018-01-18 22:15 - 000000000 ____D C:\Users\dstover\AppData\Local\Microsoft_Corporation
2018-01-18 22:05 - 2018-01-18 22:05 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-01-18 22:05 - 2014-02-20 05:52 - 000048304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RegHiveRecovery.sys
2018-01-18 20:59 - 2018-01-18 20:59 - 000003134 _____ C:\Windows\System32\Tasks\{DD450393-95AD-43B0-8E04-300795712D08}
2018-01-18 20:59 - 2018-01-18 20:59 - 000000000 ____D C:\Users\dstover\Documents\log
2018-01-18 20:57 - 2018-01-18 20:57 - 009300208 _____ (Macrovision Corporation) C:\Users\dstover\Documents\WPAO_en_v1.4.exe
2018-01-18 20:57 - 2018-01-18 20:57 - 000000000 ____D C:\Users\dstover\AppData\Local\Akamai
2018-01-18 20:41 - 2018-01-18 20:41 - 000003322 _____ C:\Windows\System32\Tasks\{A2EDA7C0-3150-4C8B-9BF6-D1AED35D7280}
2018-01-18 20:38 - 2018-01-18 20:38 - 002527376 _____ (Trend Micro Inc.) C:\Users\dstover\Desktop\HousecallLauncher64.1516327939
2018-01-18 20:35 - 2018-01-18 20:35 - 006503800 _____ (Trend Micro Inc.) C:\Users\dstover\Downloads\attk_collector_cli_x64.exe
2018-01-18 20:29 - 2018-01-18 20:29 - 000000036 _____ C:\Users\dstover\AppData\Local\housecall.guid.cache
2018-01-18 20:29 - 2018-01-18 20:29 - 000000000 ____D C:\Users\dstover\Downloads\TrendMicro AntiThreat Toolkit
2018-01-18 19:34 - 2018-01-21 10:12 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-18 19:13 - 2012-01-22 08:55 - 000095544 _____ (Broadcom Corporation) C:\Windows\system32\OLDBB1C.tmp
2018-01-18 19:13 - 2012-01-22 08:34 - 004378624 _____ (Broadcom Corporation) C:\Windows\system32\OLDBB5C.tmp
2018-01-18 18:13 - 2018-01-18 18:13 - 000012620 _____ C:\Users\dstover\Desktop\Dell Original Configuration.txt
2018-01-18 18:11 - 2018-01-18 18:11 - 000000000 ____D C:\ProgramData\PC-Doctor, Inc
2018-01-18 18:10 - 2018-01-18 18:10 - 000004016 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2018-01-18 18:10 - 2018-01-18 18:10 - 000003328 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2018-01-18 18:10 - 2018-01-18 18:10 - 000003204 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2018-01-18 17:51 - 2018-01-18 17:51 - 000003796 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-01-18 16:32 - 2018-01-21 10:38 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-01-18 16:32 - 2018-01-19 16:38 - 000000000 ____D C:\ProgramData\PCDr
2018-01-18 16:32 - 2018-01-19 05:58 - 000002264 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-01-18 16:32 - 2018-01-19 05:58 - 000002264 _____ C:\ProgramData\Desktop\SupportAssist.lnk
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2018-01-18 16:32 - 2018-01-18 16:32 - 000000000 ____D C:\Program Files\Dell Support Center
2018-01-18 16:30 - 2018-01-18 18:11 - 000000000 ____D C:\Users\dstover\AppData\Roaming\PCDr
2018-01-18 16:30 - 2018-01-18 16:40 - 000000000 ____D C:\temp
2018-01-18 16:29 - 2018-01-18 16:29 - 000000000 ____D C:\ProgramData\SupportAssist
2018-01-18 16:29 - 2018-01-18 16:29 - 000000000 ____D C:\ProgramData\Dell Inc
2018-01-18 15:47 - 2018-01-18 15:47 - 000707235 _____ C:\Users\dstover\Desktop\Windows10andWindowsServer2016PolicySettings.xlsx
2018-01-18 15:25 - 2018-01-18 15:25 - 000707833 _____ C:\Users\dstover\Downloads\Windows10andWindowsServer2016PolicySettings.xlsx
2018-01-18 14:43 - 2018-01-18 14:43 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-18 14:23 - 2018-01-20 11:16 - 000000000 ____D C:\Users\dstover\AppData\Local\wmixbkr
2018-01-18 12:34 - 2018-01-18 12:34 - 000021254 _____ C:\Users\dstover\Desktop\ADI Kelvinator Inventory 12-28-2017 (002).xlsx
2018-01-17 10:42 - 2018-01-17 10:42 - 000000000 ____D C:\Windows\System32\Tasks\Norton Remove and Reinstall
2018-01-17 08:06 - 2018-01-17 08:06 - 000003162 _____ C:\Windows\System32\Tasks\{527B88B9-D0A9-41AC-8D8D-042AE1736986}
2018-01-17 07:42 - 2018-01-18 20:59 - 000000000 ____D C:\Users\dstover\Documents\TMRBLog
2018-01-17 07:39 - 2018-01-17 08:07 - 000000000 ____D C:\Users\dstover\Documents\sysclean
2018-01-17 07:38 - 2018-01-17 07:38 - 005228804 _____ C:\Users\dstover\Documents\sysclean.zip
2018-01-17 00:10 - 2018-01-17 01:04 - 000119960 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR520.SYS
2018-01-17 00:10 - 2018-01-17 00:59 - 000002458 _____ C:\Windows\system32\Drivers\SMR520.dat
2018-01-17 00:10 - 2018-01-17 00:58 - 000000000 ____D C:\Users\dstover\AppData\Local\NPE
2018-01-17 00:08 - 2018-01-17 00:19 - 000000000 ____D C:\Users\dstover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-01-16 07:34 - 2018-01-16 07:34 - 000001614 _____ C:\Users\dstover\Documents\regbackup.reg
2018-01-15 17:44 - 2018-01-15 17:44 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-01-15 08:38 - 2018-01-21 12:08 - 000000000 ____D C:\ProgramData\TEMP
2018-01-15 08:27 - 2018-01-15 08:27 - 000000000 ____D C:\Users\dstover\Documents\Custom Office Templates
2018-01-15 02:42 - 2018-01-15 02:42 - 000002847 _____ C:\Windows\SysWOW64\servers.def.vpx
2018-01-15 02:42 - 2018-01-15 02:42 - 000000446 _____ C:\Windows\SysWOW64\prod-pgm.vpx
2018-01-15 02:42 - 2018-01-15 02:42 - 000000039 _____ C:\Windows\SysWOW64\Stats.ini
2018-01-15 02:11 - 2018-01-15 02:11 - 000000834 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2018-01-14 18:43 - 2018-01-14 21:50 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7442A339.sys
2018-01-14 18:20 - 2018-01-19 17:07 - 000000000 ____D C:\rsit
2018-01-14 17:23 - 2018-01-14 17:23 - 000002990 _____ C:\Windows\System32\Tasks\{2F857FB8-0633-4937-A5DA-3BA6C4DD4A40}
2018-01-14 17:22 - 2018-01-14 17:22 - 000002990 _____ C:\Windows\System32\Tasks\{B420C63D-A63E-403A-8350-25D8AFB18ABB}
2018-01-14 14:27 - 2018-01-19 18:35 - 000000000 ____D C:\$AV_ASW
2018-01-14 03:10 - 2018-01-14 03:12 - 000000000 _____ C:\Windows\system32\last.dump
2018-01-14 02:22 - 2018-01-14 02:22 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe3c73dd1f9b74f5a.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw51d67794dcf8c134.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1c1e09a3ddcdd760.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\asw b10c5090ba5aa74.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde5be8ce60284c78.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8a34baa5b6f747ca.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw68b9c974936b435f.tmp
2018-01-14 02:15 - 2018-01-14 02:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1ec47d90c55f784d.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbac39074642f11e1.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb32baf34684092ed.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7317786c11cce406.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2dd43e6cfaeb681e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151591778091609
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf6c45d7e63acc8a9.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa8d935f8fab94055.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa25064183a1133bb.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw17ee1e46a3c3012b.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd810ba9ff3d2d620.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa88a6dc842159c33.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8da8c8eaa17fd850.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1042b2416f0f6365.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf724efd1b3e48d6c.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf583e594c0591a65.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2de362c5a196033.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9f002bc231b550a6.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe069dae6712bc71e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5d3868920dcb9d3f.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3681e45c29a4fcb2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw182a6dd16d1f68ff.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asweff976d27367c133.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcabb241b1eb3e91e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw345d255bc827e2d9.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw14f50540728ff152.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcc4709dc59cabc6e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8e9b7d324c2481af.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7a1814a29ee0d578.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw51d9b4b2e1ae38a2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe3797ecd589c299b.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw86c2a802c5ec69d4.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6c904cc9c7e09a5d.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw178b54ea4b658fb5.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys.151591778091609
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe19cf4e55d15dcf2.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc342e666ee1c1aaa.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa3b84beab234c720.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8b21030f3e17ce48.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswab414e8392921f53.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa7113b5e46bd160e.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw569b661a9411e5d0.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw11b15b62a0ce1884.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfec29916fb6a9832.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcedac5caffae5573.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw74322852cc5ae1c5.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw f4d00e8604bdbdb.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd07aff6b44426153.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb574bef93c645b64.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa6796364f2385b14.tmp
2018-01-14 02:15 - 2018-01-14 02:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9fdf4fb8e71c6699.tmp
2018-01-13 20:38 - 2018-01-13 20:38 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-01-13 20:38 - 2018-01-13 20:38 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-01-13 20:38 - 2018-01-13 20:38 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-01-12 19:03 - 2018-01-12 19:03 - 000000000 ____D C:\Users\dstover\AppData\Roaming\IDT
2018-01-12 09:18 - 2018-01-12 09:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf
2018-01-12 08:58 - 2013-05-30 16:25 - 000066640 _____ (ST Microelectronics) C:\Windows\system32\stdcfltnco05.dll
2018-01-12 07:54 - 2018-01-12 07:54 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-12 07:54 - 2018-01-12 07:54 - 000002213 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-01-12 06:38 - 2018-01-12 06:38 - 000000000 ____D C:\ProgramData\Intel
2018-01-12 03:38 - 2018-01-20 22:38 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2018-01-11 23:57 - 2018-01-11 23:57 - 000735376 _____ (Sysinternals - www.sysinternals.com) C:\Users\dstover\Downloads\autoruns.exe
2018-01-11 23:02 - 2018-01-11 23:03 - 040062624 _____ (Microsoft Corporation) C:\Users\dstover\Downloads\Windows-KB890830-x64-V5.56.exe
2018-01-11 20:55 - 2018-01-11 20:55 - 000001462 _____ C:\Users\dstover\Desktop\System-Utilities_Driver_K3TWC_WN_4.12.0040_A00.EXE - Shortcut.lnk
2018-01-11 16:49 - 2018-01-11 16:49 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\03FCFF6D61.sys
2018-01-11 16:00 - 2018-01-11 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-11 15:06 - 2018-01-12 00:56 - 000000000 ____D C:\Users\dstover\AppData\Local\Apps\2.0
2018-01-11 13:55 - 2018-01-11 13:55 - 000000017 _____ C:\Users\dstover\AppData\Local\resmon.resmoncfg
2018-01-10 22:22 - 2018-01-10 22:22 - 000003104 _____ C:\Windows\System32\Tasks\{61BA6795-BEC1-4C2D-8E09-772AA3C1E985}
2018-01-10 22:19 - 2018-01-10 22:27 - 000000000 ____D C:\Program Files (x86)\ST Microelectronics
2018-01-10 22:09 - 2018-01-10 22:09 - 017724392 _____ (Dell Inc.) C:\Users\dstover\Downloads\System-Utilities_Driver_K3TWC_WN_4.12.0040_A00.EXE
2018-01-10 12:20 - 2012-01-22 08:55 - 000095544 _____ (Broadcom Corporation) C:\Windows\system32\OLDA0BA.tmp
2018-01-10 12:20 - 2012-01-22 08:34 - 004378624 _____ (Broadcom Corporation) C:\Windows\system32\OLDA0BB.tmp
2018-01-10 10:59 - 2018-01-10 10:59 - 000016168 _____ C:\Windows\system32\results.xml
2018-01-10 10:39 - 2015-08-21 10:50 - 000463112 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2018-01-10 10:38 - 2016-06-02 12:48 - 001156000 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 001151840 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 000229664 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 000199096 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 000194360 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 000169368 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2018-01-10 10:38 - 2016-06-02 12:48 - 000040712 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2018-01-10 10:38 - 2016-06-02 12:41 - 000385536 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2018-01-10 10:38 - 2016-06-02 12:41 - 000382952 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2018-01-10 10:38 - 2016-06-02 12:41 - 000295424 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2018-01-10 10:38 - 2016-06-02 12:41 - 000290792 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2018-01-10 10:38 - 2016-06-02 12:41 - 000072704 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2018-01-10 10:38 - 2016-06-02 12:41 - 000069120 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 003802600 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2018-01-10 10:38 - 2016-06-02 12:40 - 002035704 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 001995256 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 001794552 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 001766912 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 000264192 _____ C:\Windows\system32\igfxcpl.cpl
2018-01-10 10:38 - 2016-06-02 12:40 - 000205288 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2018-01-10 10:38 - 2016-06-02 12:40 - 000193528 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 000163832 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2018-01-10 10:38 - 2016-06-02 12:40 - 000039424 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2018-01-10 10:38 - 2016-06-02 12:39 - 000374776 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2018-01-10 10:38 - 2016-06-02 12:39 - 000229888 _____ C:\Windows\system32\igdde64.dll
2018-01-10 10:38 - 2016-06-02 12:39 - 000191488 _____ C:\Windows\SysWOW64\igdde32.dll
2018-01-10 10:38 - 2016-06-02 12:38 - 008522240 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2018-01-10 10:38 - 2016-06-02 12:38 - 006509056 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2018-01-10 10:38 - 2016-06-02 12:38 - 000330240 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2018-01-10 10:38 - 2016-06-02 12:37 - 000166376 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2018-01-10 10:38 - 2016-06-02 12:34 - 022914048 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2018-01-10 10:38 - 2016-06-02 12:34 - 017846264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2018-01-10 10:38 - 2016-06-02 12:34 - 000102912 _____ C:\Windows\system32\IccLibDll_x64.dll
2018-01-10 10:38 - 2016-06-02 12:16 - 002813952 _____ C:\Windows\system32\iglhxa64.cpa
2018-01-10 10:38 - 2016-06-02 12:16 - 000044025 _____ C:\Windows\system32\iglhxo64.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000043494 _____ C:\Windows\system32\iglhxc64.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000043256 _____ C:\Windows\system32\iglhxg64.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000002582 _____ C:\Windows\system32\iglhxs64.vp
2018-01-10 10:38 - 2016-06-02 12:16 - 000001125 _____ C:\Windows\system32\iglhxa64.vp
2018-01-10 00:10 - 2018-01-10 00:10 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\03FCFF6D6.sys
2018-01-09 19:16 - 2018-01-09 19:16 - 000000000 ____D C:\Users\dstover\AppData\LocalLow\Hewlett-Packard
2018-01-09 19:16 - 2018-01-09 19:16 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-01-09 18:46 - 2018-01-09 18:46 - 000000000 ____D C:\Users\dstover\AppData\Roaming\HPPSDr
2018-01-09 17:53 - 2018-01-09 17:53 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\03FCFF6D.sys
2018-01-09 14:54 - 2018-01-11 18:05 - 000000000 ____D C:\KVRT_Data
2018-01-09 14:21 - 2018-01-10 14:41 - 000371344 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-09 08:28 - 2018-01-09 08:28 - 000000037 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-01-09 00:50 - 2018-01-09 00:50 - 000000000 ____D C:\Users\dstover\AppData\LocalLow\PCDr
2018-01-08 21:41 - 2018-01-14 17:56 - 000000000 ____D C:\Windows\system32\MpEngineStore
2018-01-08 21:17 - 2018-01-10 13:15 - 000000000 ____D C:\Program Files (x86)\Belarc
2018-01-08 15:15 - 2018-01-08 15:15 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-01-08 15:15 - 2018-01-08 15:15 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-01-08 15:15 - 2018-01-08 15:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-01-08 15:15 - 2018-01-08 15:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-01-08 11:09 - 2018-01-16 21:15 - 000027986 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-08 11:09 - 2018-01-16 21:10 - 000011514 _____ C:\Windows\ZAM.krnl.trace
2018-01-08 11:08 - 2018-01-08 11:08 - 000000000 ____D C:\Users\dstover\AppData\Local\Zemana
2018-01-08 08:05 - 2018-01-20 16:35 - 000000000 ____D C:\Windows\LastGood
2018-01-08 06:57 - 2018-01-08 06:57 - 000000000 ____D C:\Users\dstover\AppData\Roaming\DRPNPS
2018-01-07 22:44 - 2017-11-13 21:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-07 22:43 - 2017-11-16 22:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-07 22:43 - 2017-11-14 19:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-07 22:43 - 2017-11-14 18:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-07 22:43 - 2017-11-13 21:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-07 22:43 - 2017-11-13 21:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-07 22:43 - 2017-11-13 21:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-07 22:43 - 2017-11-13 21:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-07 22:43 - 2017-11-13 21:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-07 22:43 - 2017-11-13 21:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-07 22:43 - 2017-11-13 21:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-07 22:43 - 2017-11-13 21:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-07 22:43 - 2017-11-13 21:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-07 22:43 - 2017-11-13 21:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-07 22:43 - 2017-11-13 21:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-07 22:43 - 2017-11-13 21:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-07 22:43 - 2017-11-13 21:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-07 22:43 - 2017-11-13 21:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-07 22:43 - 2017-11-13 21:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-07 22:43 - 2017-11-13 21:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-07 22:43 - 2017-11-13 21:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-07 22:43 - 2017-11-13 21:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-07 22:43 - 2017-11-13 21:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-07 22:43 - 2017-11-13 21:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-07 22:43 - 2017-11-13 21:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-07 22:43 - 2017-11-13 21:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-07 22:43 - 2017-11-13 21:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-07 22:43 - 2017-11-13 21:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-07 22:43 - 2017-11-13 20:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-07 22:43 - 2017-11-13 20:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-07 22:43 - 2017-11-13 20:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-07 22:43 - 2017-11-13 20:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-07 22:43 - 2017-11-13 20:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-07 22:43 - 2017-11-13 20:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-07 22:43 - 2017-11-13 20:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-07 22:43 - 2017-11-13 20:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-07 22:43 - 2017-11-13 20:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-07 22:43 - 2017-11-13 20:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-07 22:43 - 2017-11-13 19:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-07 22:43 - 2017-11-13 19:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-07 22:43 - 2017-11-13 19:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-07 22:43 - 2017-11-13 19:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-07 22:43 - 2017-11-13 19:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-07 22:43 - 2017-11-13 18:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-07 22:43 - 2017-11-13 18:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-07 22:43 - 2017-11-07 14:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-07 22:43 - 2017-11-07 14:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-07 22:43 - 2017-11-07 14:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-07 22:43 - 2017-11-07 14:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-07 22:43 - 2017-11-07 14:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-07 22:43 - 2017-11-07 14:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-07 22:43 - 2017-11-07 14:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-07 22:43 - 2017-11-07 14:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-07 22:43 - 2017-11-07 14:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-07 22:43 - 2017-11-07 14:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-07 22:43 - 2017-11-07 14:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-07 22:43 - 2017-11-07 14:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-07 22:43 - 2017-11-07 14:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-07 22:43 - 2017-11-07 14:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-07 22:43 - 2017-11-07 14:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-07 22:43 - 2017-11-07 14:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-07 22:43 - 2017-11-07 14:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-07 22:43 - 2017-11-07 14:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-07 22:43 - 2017-11-07 14:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-07 22:43 - 2017-11-07 14:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-07 22:43 - 2017-11-07 14:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-07 22:43 - 2017-11-07 14:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-07 22:43 - 2017-11-07 14:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-07 22:43 - 2017-11-07 13:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-07 22:43 - 2017-11-07 10:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-01-07 22:43 - 2017-11-07 10:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-01-07 22:43 - 2017-11-04 09:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-01-07 22:43 - 2017-11-04 09:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-01-07 22:43 - 2017-11-04 09:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-01-07 22:43 - 2017-11-04 09:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-01-07 22:43 - 2017-11-02 10:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-01-07 22:43 - 2017-11-02 10:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-01-07 22:43 - 2017-11-02 10:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-01-07 22:43 - 2017-11-02 10:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-01-07 22:43 - 2017-11-02 09:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-01-07 22:43 - 2017-11-02 09:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-01-07 22:43 - 2017-11-02 09:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-01-07 22:43 - 2017-11-02 08:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-01-07 22:43 - 2017-10-16 17:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-01-07 22:43 - 2017-10-16 16:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-01-07 22:43 - 2017-10-11 18:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-07 22:42 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-01-07 22:42 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-01-07 22:42 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-01-07 22:42 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-01-07 22:42 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-01-07 22:27 - 2018-01-07 22:27 - 000000000 ____D C:\Users\dstover\AppData\Roaming\AVAST Software
2018-01-07 22:03 - 2018-01-07 22:03 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\asw281ed2c15b4914ff.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9dce305414d799e0.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbf4f55c2d86dddbe.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4864ebc818212332.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw be404fba4326024.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb2fc0802530bbcb7.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb4bd736b5086112b.tmp
2018-01-07 22:03 - 2018-01-07 22:03 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb733c3103bdc7fb6.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 2b420d55c6c0e10.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6bdbe4ccd0c53314.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4b879e6f0647b192.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw56bc87613a52b2f9.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\asw788425ed9cfc1054.tmp
2018-01-07 22:03 - 2018-01-07 22:02 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb0d97510e96ad42b.tmp
2018-01-07 22:01 - 2018-01-10 23:31 - 000000000 ____D C:\Program Files\STMicroelectronics
2018-01-07 22:01 - 2018-01-07 22:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ST_Accel_01009.Wdf
2018-01-07 22:01 - 2018-01-07 22:01 - 000000000 ____D C:\Program Files\DIFX
2018-01-07 22:00 - 2018-01-08 08:40 - 000000000 ____D C:\Users\dstover\AppData\Roaming\DRPNano
2018-01-07 22:00 - 2016-03-14 08:38 - 000076504 _____ (ST Microelectronics) C:\Windows\system32\stdcfltnco08.dll
2018-01-07 19:08 - 2018-01-10 10:16 - 000000000 ____D C:\Users\dstover\AppData\LocalLow\Intel
2018-01-07 18:34 - 2013-03-13 22:14 - 005905904 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2018-01-07 18:34 - 2013-03-13 22:14 - 000515568 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2018-01-07 18:34 - 2013-03-13 22:14 - 000442352 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2018-01-07 18:34 - 2013-03-13 22:14 - 000399856 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2018-01-07 18:34 - 2013-02-27 11:58 - 000116224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3040.dll
2018-01-07 18:34 - 2013-02-27 11:58 - 000016896 _____ (Intel® Corporation) C:\Windows\system32\IntcDAuC.dll
2018-01-07 18:34 - 2013-02-22 13:53 - 011175424 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2018-01-07 18:34 - 2013-02-22 13:51 - 012858368 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2018-01-07 18:34 - 2013-02-22 13:50 - 012615680 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2018-01-07 18:34 - 2013-02-22 13:49 - 011049472 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2018-01-07 18:34 - 2013-02-22 13:48 - 009007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2018-01-07 18:34 - 2013-02-22 13:48 - 000439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2018-01-07 18:34 - 2013-02-22 13:48 - 000064000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000442880 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000431104 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000384512 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000330752 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2018-01-07 18:34 - 2013-02-22 13:47 - 000223664 _____ C:\Windows\system32\Gfxres.th-TH.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000210106 _____ C:\Windows\system32\Gfxres.el-GR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000194245 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000175104 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000166170 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000163421 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000159008 _____ C:\Windows\system32\Gfxres.he-IL.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000149682 _____ C:\Windows\system32\Gfxres.it-IT.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000148042 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000147393 _____ C:\Windows\system32\Gfxres.de-DE.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000147288 _____ C:\Windows\system32\Gfxres.es-ES.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000146004 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000145491 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000144645 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000144260 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000144020 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000143932 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000142882 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000142877 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000142717 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000142289 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000142008 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000141838 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000141049 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000137889 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000137784 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000137141 _____ C:\Windows\system32\Gfxres.da-DK.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000132623 _____ C:\Windows\system32\Gfxres.en-US.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000126300 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000124650 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2018-01-07 18:34 - 2013-02-22 13:47 - 000110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2018-01-07 18:34 - 2013-02-22 13:47 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
2018-01-07 18:34 - 2013-02-22 13:43 - 000754652 _____ C:\Windows\SysWOW64\igcodeckrng700.bin
2018-01-07 18:34 - 2013-02-22 13:43 - 000754652 _____ C:\Windows\system32\igcodeckrng700.bin
2018-01-07 18:34 - 2013-02-22 13:43 - 000598384 _____ C:\Windows\SysWOW64\igvpkrng700.bin
2018-01-07 18:34 - 2013-02-22 13:43 - 000598384 _____ C:\Windows\system32\igvpkrng700.bin
2018-01-07 18:31 - 2012-08-10 21:44 - 000482128 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2018-01-07 18:31 - 2012-08-09 19:56 - 000101224 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2018-01-07 18:31 - 2012-08-09 15:54 - 000073032 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2018-01-07 18:30 - 2018-01-07 18:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2018-01-07 18:30 - 2018-01-07 18:30 - 000000000 ____D C:\Windows\Dell
2018-01-07 18:30 - 2013-05-21 14:04 - 000496432 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2018-01-07 18:30 - 2013-02-28 20:29 - 000116056 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2018-01-07 18:30 - 2010-09-15 17:00 - 000017776 _____ C:\Windows\EvtMessage.dll
2018-01-07 18:28 - 2018-01-10 10:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-01-07 18:28 - 2018-01-07 18:28 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2018-01-07 18:28 - 2013-11-13 13:23 - 000016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2018-01-07 18:28 - 2013-08-16 04:21 - 006101504 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2018-01-07 18:28 - 2013-08-16 04:21 - 001897984 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2018-01-07 18:28 - 2013-08-16 04:21 - 000551936 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2018-01-07 18:28 - 2013-08-16 04:21 - 000499200 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2018-01-07 18:28 - 2013-08-16 04:21 - 000256000 _____ (IDT, Inc.) C:\Windows\system32\st646491.dll
2018-01-07 18:27 - 2018-01-18 16:31 - 000000000 ____D C:\Program Files\Dell
2018-01-07 18:27 - 2018-01-10 12:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2018-01-07 18:27 - 2014-01-14 19:03 - 008925184 _____ (Dell Inc.) C:\Windows\bcm980E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 007925248 _____ (Dell Inc.) C:\Windows\system32\BCMWLCPL.CPL
2018-01-07 18:27 - 2014-01-14 19:03 - 004961800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcredist_x64.exe
2018-01-07 18:27 - 2014-01-14 19:03 - 004668928 _____ (Broadcom Corporation) C:\Windows\system32\bcmttls.dll
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SETB960.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SETA575.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET9F7B.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET905E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET74A3.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET70BD.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET5C15.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET5928.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET52B2.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET511D.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 004400128 _____ (Broadcom Corporation) C:\Windows\system32\SET49F6.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 003161088 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x64.exe
2018-01-07 18:27 - 2014-01-14 19:03 - 003155456 _____ (Dell Inc.) C:\Windows\bcm981E.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 001051136 _____ (Dell Inc.) C:\Windows\system32\BCMLogon.dll
2018-01-07 18:27 - 2014-01-14 19:03 - 000336384 _____ (TODO: <Company name>) C:\Windows\bcm981F.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\bcm9830.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETBB08.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETA9BB.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SETA086.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET91B7.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET8410.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET7956.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET6589.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET5DEB.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET55A1.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET5498.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000096560 _____ (Broadcom Corporation) C:\Windows\system32\SET4CB6.tmp
2018-01-07 18:27 - 2014-01-14 19:03 - 000073216 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll
2018-01-07 18:27 - 2014-01-14 19:03 - 000035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2018-01-07 18:27 - 2014-01-14 19:03 - 000023760 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys
2018-01-07 18:27 - 2014-01-14 19:03 - 000006656 _____ C:\Windows\system32\bcmwlrc.dll
2018-01-07 18:27 - 2014-01-14 19:03 - 000000446 _____ C:\Windows\SysWOW64\vcredist_x64.bat
2018-01-07 18:27 - 2014-01-14 19:03 - 000000441 _____ C:\Windows\system32\vcredist_x64.bat
2018-01-07 18:26 - 2018-01-10 14:39 - 000000000 ____D C:\ProgramData\dell
2018-01-07 18:23 - 2018-01-10 10:08 - 000000000 ____D C:\Users\dstover\Documents\Dell Downloads
2018-01-07 18:21 - 2018-01-12 07:54 - 000000000 ____D C:\Users\dstover\AppData\Local\Deployment
2018-01-07 07:07 - 2018-01-07 07:07 - 000142672 ____N C:\Windows\system32\Drivers\pwbpsvzc.sys
2018-01-07 00:40 - 2018-01-21 01:45 - 000000000 ____D C:\Users\dstover\video
2018-01-06 19:48 - 2018-01-13 17:36 - 000000000 ____D C:\Users\dstover\AppData\Local\pwrghbo
2018-01-06 19:43 - 2018-01-21 10:04 - 002888192 _____ (TOSHIBA CORPORATION) C:\Windows\system32\spmtoilsvc.exe
2018-01-06 19:41 - 2018-01-06 19:41 - 000000000 ____D C:\Windows\SysWOW64\lmbtnek
2018-01-06 19:41 - 2018-01-06 19:41 - 000000000 ____D C:\Windows\system32\lmbtnek
2018-01-06 19:41 - 2018-01-06 19:41 - 000000000 ____D C:\Users\dstover\AppData\Roaming\et
2018-01-06 18:33 - 2018-01-06 18:33 - 000451584 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2018-01-06 18:33 - 2018-01-06 18:33 - 000000020 _____ C:\Windows\b61484357
2018-01-06 13:39 - 2018-01-06 14:05 - 048902838 _____ C:\Users\dstover\Downloads\HDPOPCORNS.The-Boatniks-1970-1080p.mp4 (1).crdownload
2018-01-06 03:32 - 2018-01-14 20:58 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-01-06 00:56 - 2017-03-23 09:04 - 003547136 _____ C:\Windows\system32\pwNative.exe
2018-01-06 00:56 - 2013-09-30 15:26 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2018-01-06 00:56 - 2013-09-30 15:26 - 000012504 _____ C:\Windows\system32\pwdspio.sys

2017-12-30 12:27 - 2017-12-30 12:27 - 000001749 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-30 12:27 - 2017-12-30 12:27 - 000001749 _____ C:\ProgramData\Desktop\iTunes.lnk
2017-12-30 12:27 - 2017-12-30 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-30 12:27 - 2017-12-30 12:27 - 000000000 ____D C:\Program Files\iPod
2017-12-30 12:26 - 2017-12-30 12:27 - 000000000 ____D C:\Program Files\iTunes
2017-12-30 12:15 - 2018-01-02 13:52 - 2289344103 _____ C:\Users\dstover\Downloads\1951 - Flying.Leathernecks.[H264. AC3 Spa Eng Ita].DVDMux.mkv.!ut
2017-12-29 20:24 - 2017-12-29 20:24 - 000000000 ____D C:\Users\dstover\Downloads\The Guns of Navarone 1961 720p BRRip x264 aac vice (HDScene Release)
2017-12-28 17:32 - 2017-12-28 17:32 - 000000000 ____D C:\Users\dstover\Documents\OneNote Notebooks
2017-12-28 16:18 - 2017-12-28 16:18 - 002276892 _____ C:\Users\dstover\Documents\Scotsman 2018 List Price Catalog.pdf
2017-12-25 17:19 - 2017-12-25 17:19 - 000000000 ____D C:\Users\dstover\AppData\Local\SmartView2
2017-12-25 17:18 - 2017-12-25 17:18 - 000000000 ____D C:\Program Files (x86)\Smart View
2017-12-25 15:37 - 2017-12-25 15:40 - 000000000 ____D C:\Users\dstover\AppData\Local\Plex Media Server
2017-12-23 19:50 - 2017-12-23 19:50 - 000002613 _____ C:\Users\dstover\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-12-23 19:49 - 2018-01-07 08:10 - 000000000 ____D C:\Users\dstover\AppData\Roaming\uTorrent
2017-12-23 19:34 - 2017-12-23 19:37 - 000000000 ____D C:\KeepVid Pro Downloaded
2017-12-23 19:34 - 2017-12-23 19:34 - 000000000 ____D C:\Users\dstover\AppData\Local\Keepvid
2017-12-23 19:34 - 2017-12-23 19:34 - 000000000 ____D C:\KeepVid Pro Recorded
2017-12-23 19:34 - 2017-12-23 19:34 - 000000000 ____D C:\KeepVid Pro Converted
2017-12-23 19:33 - 2017-12-23 19:33 - 000000000 ____D C:\ProgramData\KeepVid
2017-12-23 18:45 - 2017-12-23 18:45 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-23 18:32 - 2017-12-23 18:32 - 000000000 ____D C:\Users\dstover\.QtWebEngineProcess
2017-12-22 23:53 - 2018-01-06 19:39 - 000698368 _____ (Trend Micro Inc.) C:\Windows\TSCCensus64.exe
2017-12-22 23:43 - 2017-12-22 23:44 - 000000000 ____D C:\Users\dstover\Desktop\New folder
2017-12-22 22:44 - 2017-12-22 22:44 - 000000000 ____D C:\Users\dstover\AppData\Local\FlvtoYoutubeDownloader
2017-12-22 22:44 - 2017-12-22 22:44 - 000000000 ____D C:\Users\dstover\AppData\Local\CEF
2017-12-22 22:29 - 2017-12-22 22:29 - 000000000 ____D C:\Users\dstover\AppData\Local\iTube Studio
2017-12-22 22:29 - 2017-12-22 22:29 - 000000000 ____D C:\ProgramData\Aimersoft
2017-12-22 22:28 - 2017-12-22 22:28 - 000000000 ____D C:\Users\dstover\AppData\Local\Aimersoft
2017-12-22 22:28 - 2017-12-22 22:28 - 000000000 ____D C:\iTube Studio Recorded
2017-12-22 22:28 - 2017-12-22 22:28 - 000000000 ____D C:\iTube Studio Downloaded
2017-12-22 22:28 - 2017-12-22 22:28 - 000000000 ____D C:\iTube Studio Converted
2017-12-22 22:27 - 2017-12-22 22:30 - 000000000 ____D C:\ProgramData\iTube Studio
2017-12-22 21:59 - 2017-12-22 22:00 - 000000000 ____D C:\ProgramData\GraphicsType
2017-12-22 13:54 - 2017-12-22 13:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-22 13:53 - 2017-12-22 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-12-22 13:30 - 2018-01-16 23:16 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-22 11:10 - 2017-12-22 11:10 - 000006144 _____ C:\Users\dstover\Downloads\2018 PRICE LIST P.1.xls
2017-12-22 11:10 - 2017-12-22 11:10 - 000006144 _____ C:\Users\dstover\Downloads\2018 PRICE LIST P.1 (1).xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-21 12:08 - 2009-07-13 20:34 - 040632320 _____ C:\Windows\system32\config\HARDWARE
2018-01-21 11:59 - 2017-09-22 20:54 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-21 10:17 - 2009-07-13 22:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-21 10:17 - 2009-07-13 22:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-21 10:05 - 2017-09-22 20:54 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-21 10:04 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-21 10:03 - 2017-12-20 10:17 - 000000000 ____D C:\Windows\pss
2018-01-20 09:37 - 2017-09-20 13:48 - 000000000 ____D C:\Users\dstover
2018-01-19 23:45 - 2009-07-13 23:13 - 001491886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-19 23:45 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-01-19 23:01 - 2017-12-03 22:35 - 000000000 ____D C:\Users\dstover\AppData\Roaming\vlc
2018-01-19 22:47 - 2017-09-21 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Agent
2018-01-19 21:36 - 2017-09-23 22:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-19 15:14 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\lv-LV
2018-01-19 15:14 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\lt-LT
2018-01-19 15:14 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\et-EE
2018-01-19 15:14 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\Help
2018-01-19 14:59 - 2017-09-22 20:58 - 000000000 ___RD C:\Users\dstover\Dropbox
2018-01-19 13:12 - 2017-09-10 19:31 - 000000000 ____D C:\Users\dstover\Desktop\Quotes
2018-01-19 12:57 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-19 12:44 - 2017-10-11 19:41 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-19 12:44 - 2017-09-18 16:02 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-19 10:16 - 2017-09-20 13:54 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-18 21:57 - 2017-09-20 13:53 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2018-01-18 16:32 - 2017-09-18 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-01-17 07:42 - 2015-12-09 19:47 - 000435416 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-01-17 06:56 - 2017-09-21 13:51 - 000000000 ____D C:\Users\dstover\AppData\Local\ElevatedDiagnostics
2018-01-16 23:18 - 2017-09-21 08:59 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-16 17:57 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\registration
2018-01-16 17:11 - 2010-11-21 01:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-01-16 09:07 - 2017-09-20 13:48 - 000000000 ____D C:\Users\dstover\AppData\Local\VirtualStore
2018-01-14 22:31 - 2017-09-18 14:47 - 000000000 ____D C:\Users\Administrator
2018-01-14 22:31 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\catroot2.old
2018-01-13 20:54 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\Drivers\hosts.old
2018-01-13 14:34 - 2017-09-18 17:17 - 000000000 ___RD C:\System Recovery
2018-01-12 07:54 - 2017-09-21 15:01 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-12 04:22 - 2017-09-18 16:24 - 000000000 ____D C:\Intel
2018-01-11 16:00 - 2017-09-22 20:54 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-10 22:27 - 2017-09-20 14:04 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-10 14:21 - 2017-09-19 14:08 - 000000000 ____D C:\Windows\system32\appraiser
2018-01-10 14:21 - 2017-09-18 16:02 - 000000000 ____D C:\Windows\system32\MRT
2018-01-10 14:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-01-10 14:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\Setup
2018-01-10 14:15 - 2017-09-18 15:52 - 001171372 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-10 14:04 - 2011-10-05 02:20 - 000000000 ____D C:\Windows\Panther
2018-01-10 13:47 - 2009-07-13 23:08 - 000032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-10 05:20 - 2017-09-18 16:25 - 000000000 ____D C:\Program Files (x86)\Dell
2018-01-09 23:00 - 2017-09-20 10:16 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl
2018-01-09 18:46 - 2017-09-23 21:59 - 000000000 ____D C:\ProgramData\HP
2018-01-09 18:45 - 2017-09-23 21:59 - 000000000 ____D C:\Program Files (x86)\HP
2018-01-09 18:45 - 2017-09-23 21:58 - 000000000 ____D C:\Users\dstover\AppData\Local\HP
2018-01-09 14:11 - 2017-09-23 22:08 - 000000000 ____D C:\Users\dstover\AppData\Roaming\Yahoo!
2018-01-08 23:46 - 2017-09-18 16:25 - 000000000 ____D C:\Dell
2018-01-08 12:59 - 2017-09-21 14:25 - 000000000 ____D C:\Users\dstover\AppData\Local\Google
2018-01-08 08:41 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\servicing
2018-01-08 08:41 - 2009-07-13 21:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-07 21:30 - 2017-09-10 19:58 - 000000000 ____D C:\Users\dstover\Documents\ADI Forms Procedures
2018-01-07 18:35 - 2017-09-18 16:24 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-07 18:28 - 2017-09-18 15:50 - 000000000 ____D C:\Program Files\Intel
2018-01-07 10:29 - 2017-09-23 22:05 - 000205893 _____ C:\Windows\hpoins46.dat
2018-01-05 16:26 - 2017-09-21 15:28 - 000012743 _____ C:\Windows\cfgall.ini
2018-01-05 13:16 - 2009-07-13 20:34 - 000000438 _____ C:\Windows\win.ini
2018-01-05 12:29 - 2017-12-20 09:32 - 002983618 _____ C:\Windows\ntbtlog.txt
2018-01-01 16:15 - 2017-09-22 19:29 - 000092176 _____ C:\Users\dstover\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-29 22:21 - 2009-07-13 21:20 - 000000000 __RSD C:\Windows\Media
2017-12-29 22:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\security
2017-12-29 22:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-28 17:33 - 2017-09-10 19:58 - 000000000 ____D C:\Users\dstover\Documents\ADI Dealer Pricing Folder
2017-12-28 17:28 - 2017-09-10 19:58 - 000000000 ____D C:\Users\Public\Documents\Consignment
2017-12-28 17:28 - 2017-09-10 19:58 - 000000000 ____D C:\ProgramData\Documents\Consignment
2017-12-25 00:32 - 2017-12-03 22:36 - 000000000 ____D C:\Users\dstover\AppData\Roaming\dvdcss
2017-12-22 16:54 - 2017-10-03 11:06 - 000002358 _____ C:\Users\dstover\Desktop\Polar Temp Stk - Shortcut.lnk
2017-12-22 13:27 - 2017-12-19 18:48 - 000000000 ____D C:\Users\dstover\AppData\Local\ScreenRecorder
2017-12-22 13:27 - 2017-12-19 18:47 - 000000000 ____D C:\ProgramData\Movavi Screen Recorder 9
2017-12-22 13:27 - 2017-12-03 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-22 13:27 - 2017-09-22 10:12 - 000000000 ____D C:\ProgramData\Nuance
2017-12-22 13:27 - 2017-09-21 15:22 - 000000000 ___RD C:\Users\dstover\OneDrive
2017-12-22 13:27 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2017-12-22 13:27 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\AppCompat

==================== Files in the root of some directories =======

2018-01-10 21:52 - 2018-01-11 08:34 - 000000115 _____ () C:\Users\dstover\AppData\Roaming\LogFile.txt
2018-01-18 20:29 - 2018-01-18 20:29 - 000000036 _____ () C:\Users\dstover\AppData\Local\housecall.guid.cache
2018-01-11 13:55 - 2018-01-11 13:55 - 000000017 _____ () C:\Users\dstover\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-01-18 14:16 - 2017-11-10 17:31 - 000340616 _____ (Symantec Corporation) C:\Users\dstover\AppData\Local\Temp\SEVINST64x86.EXE
2018-01-18 20:18 - 2018-01-18 15:15 - 001516216 _____ (Symantec Corporation) C:\Users\dstover\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS__{2CE86211-E10D-4288-9147-B40A033819FF}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\pwbpsvzc.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-01-20 18:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by xxxxxxx (21-01-2018 12:09:02)
Running from C:\Users\xxxxxxx\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-09-18 20:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3571793897-3695349560-1157639705-500 - Administrator - Enabled) => C:\Users\Administrator
dstover (S-1-5-21-3571793897-3695349560-1157639705-1001 - Limited - Enabled)
Guest (S-1-5-21-3571793897-3695349560-1157639705-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-623538099-558311655-452798024-2129\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Application Compatibility Toolkit (HKLM\...\{F750E5A7-BCC1-1F6D-4FDA-C5B349F1254C}) (Version: 8.100.26641 - Microsoft) Hidden
AQ (HKLM-x32\...\{A05B1A6E-214A-4669-B9BE-C6E587FB876E}) (Version: 1.17.7190.1233 - AutoQuotes)
Assessments on Client (HKLM-x32\...\{C1C83898-5A60-AE9D-A3AB-7534375CA453}) (Version: 8.100.26866 - Microsoft) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
D110 (HKLM-x32\...\{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Dell Backup and Recovery Manager (HKLM\...\{C08FC5E5-54A3-41AC-9209-5A07DEDBF2DF}) (Version: 1.3.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.215 - Dell Inc.)
Eagle e4wDrivers 25.0885.065 (HKLM-x32\...\{693F6AB5-64D0-492E-A76C-9A56C5150B72}) (Version: 14.244.13257 - Epicor Software Corporation) Hidden
Eagle e4wFonts e4wFonts 25.0885.065 (HKLM-x32\...\{FD351FF7-3D77-4A88-9107-1E0DA066CC51}) (Version: 14.244.13257 - Epicor Software Corporation) Hidden
Eagle e4wHelp 25.0885.065 (HKLM-x32\...\{D2F2B121-912E-438F-9555-8159D8E7EEAC}) (Version: 14.244.13257 - Epicor Software Corporation) Hidden
Eagle e4wServices 25.0885.065 (HKLM-x32\...\{4F1DFE5F-1F65-434F-9AE8-D984ED847CF5}) (Version: 14.244.13257 - Epicor Software Corporation) Hidden
Eagle for Windows (HKLM-x32\...\Eagle for Windows) (Version:  - Epicor Software Corporation)
Eagle LaserCat 3 Client (HKLM-x32\...\{A97D30A2-E40D-4DFF-B9B8-AB7C25B25BE9}) (Version:  - )
Eagle N Series™ 25.0885.065 (HKLM-x32\...\{63E88CE8-DB3D-4730-8735-CF2994ABD348}) (Version: 14.244.13257 - Epicor Software Corporation) Hidden
Eagle SecureAccess 25.0885.065 (HKLM-x32\...\{DC37CB49-F595-4B63-A049-3EC7961D53F6}) (Version: 14.244.13257 - Epicor Software Corporation)
Google Chrome (HKLM-x32\...\{25D2D4B7-33E0-301B-989D-63B657E5CD59}) (Version: 63.0.3239.132 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-623538099-558311655-452798024-2129\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Nuance PDF Converter Professional 8 (HKLM\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{8E4B1BE8-DCF3-4B90-A726-B28107442623}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0046 - ST Microelectronics)
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Toolkit Documentation (HKLM-x32\...\{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}) (Version: 8.100.26866 - Microsoft) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.4268 - Trend Micro Inc.)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Driver Package - STMicroelectronics (ST_Accel) System  (02/17/2016 2.2.3.11) (HKLM\...\5466ABE69B0774EF3A6EC25BB0C6BA388A4622D5) (Version: 02/17/2016 2.2.3.11 - STMicroelectronics)
WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26837 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2015-04-27] (Trend Micro Inc.)
ContextMenuHandlers1: [PDFC7.ShellExtension] -> {877327F4-8A93-4320-932C-338069C27BEA} => C:\Program Files (x86)\Nuance\PDF Professional 8\ShellExt70.dll [2012-10-23] (Nuance Communications, Inc.)
ContextMenuHandlers1: [Zeon.GMFCDirectShellExt] -> {C037D85B-2F6F-4B14-9E6D-26D504D9194B} => C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GDirectShellExt.dll [2013-04-15] (Zeon International Investment Corp. )
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2015-04-27] (Trend Micro Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll [2015-04-27] (Trend Micro Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Intel Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CA1FBD-06F5-4997-8BB3-188163DB9030} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {10ADE829-2E59-4B0A-9F59-785E74EA0A48} - System32\Tasks\{527B88B9-D0A9-41AC-8D8D-042AE1736986} => C:\Windows\system32\pcalua.exe -a C:\Users\dstover\Documents\sysclean\SysClean.com -d C:\Users\dstover\Documents\sysclean
Task: {115C0CC9-4D71-45EC-90D6-053C6A8341F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-21] (Google Inc.)
Task: {272841C1-8BC1-4F37-A94D-4F532FD7E2B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-21] (Google Inc.)
Task: {278A9161-0895-4431-965D-5F52A9CB829C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-22] (Dropbox, Inc.)
Task: {351224FD-11E0-4733-86DE-E56CF58BE782} - System32\Tasks\{6BA9E8F0-B7C0-4CF8-AC93-C7B38336343A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}"
Task: {40A5C1C1-A818-49AB-BF3F-3A5E756D4E5F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4DC4FEA2-C0C2-4488-9226-7E9B1DC09BBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {4E4512F2-129F-4DB3-9343-18140553C4AC} - System32\Tasks\{2F857FB8-0633-4937-A5DA-3BA6C4DD4A40} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe [2015-07-24] (Trend Micro Inc.)
Task: {67962C29-0430-4FCD-96E5-78A063CFB20B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {69CFF332-CB04-4784-AEC7-4AC9D15313E2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {7319F8BC-D127-4501-A121-49BB6A2153DC} - System32\Tasks\{1B53C9B0-1C92-4EF6-B429-DA4095534B0A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmExtIns32.exe" -d "C:\Program Files (x86)\Trend Micro\OfficeScan Client"
Task: {80C7CC36-86B1-402A-8FC5-BA34CFB447BA} - System32\Tasks\Microsoft\Windows\PLA\System\{2FEDDA37-EF95-4C30-9E32-01FE0F298409}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {80C7CC36-86B1-402A-8FC5-BA34CFB447BA} - System32\Tasks\Microsoft\Windows\PLA\System\{2FEDDA37-EF95-4C30-9E32-01FE0F298409}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{2FEDDA37-EF95-4C30-9E32-01FE0F298409}_System Diagnostics"
Task: {80D5755B-E758-4130-98DE-8C5B6D7BDBBB} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {92E9034E-6013-4BA0-9479-F509367F38AF} - System32\Tasks\{79EAB2E1-4038-4AB5-8699-F5C3734A1DB8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopExtIns32.exe" -d "C:\Program Files (x86)\Trend Micro\OfficeScan Client"
Task: {AD209C60-3A6C-4753-B87D-9C1227751EFB} - System32\Tasks\{B420C63D-A63E-403A-8350-25D8AFB18ABB} => C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe [2015-07-24] (Trend Micro Inc.)
Task: {B0FCCC24-9564-47F4-A59B-2F77A065E4B1} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {BDF6085D-35F8-4929-8976-A761C1BA4AE3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {C4A7ABFF-8EC1-4F67-95A8-D54250231BAF} - System32\Tasks\Norton Remove and Reinstall\Norton Remove and Reinstall => C:\Users\dstover\Downloads\NRnR.exe
Task: {D2C1BF38-3B61-4207-9CF5-D4B2B2E43371} - System32\Tasks\{A2EDA7C0-3150-4C8B-9BF6-D1AED35D7280} => C:\Windows\system32\pcalua.exe -a "C:\Users\dstover\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UQEHXUJ\Trend Micro Ransomware Screen Unlocker.exe" -d C:\Users\dstover\Desktop
Task: {D5CEF3FF-F325-48BD-99D8-E6543D751C87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-19] (Adobe Systems Incorporated)
Task: {E415469C-587B-4BBB-8171-150FFCC439EA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-22] (Dropbox, Inc.)
Task: {E943DA94-35F3-4629-86C8-DBE9F392FA63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {EAF86FF1-CC56-4E70-ADF9-70E5D1986383} - System32\Tasks\{DD450393-95AD-43B0-8E04-300795712D08} => C:\Windows\system32\pcalua.exe -a C:\Users\dstover\Documents\WPAO_en_v1.4.exe -d C:\Users\dstover\Documents
Task: {FB347F1D-18CD-4388-B0AA-CA5EABC92A54} - System32\Tasks\{61BA6795-BEC1-4C2D-8E09-772AA3C1E985} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\K3TWC\install.exe -d C:\Dell\Drivers\K3TWC

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-10 10:38 - 2016-06-02 12:34 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-22 13:31 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-01-20 23:43 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-20 23:43 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-11 16:00 - 2018-01-08 15:15 - 000732480 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-01-11 16:00 - 2018-01-08 15:15 - 002061632 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-22 20:56 - 2018-01-08 15:15 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-22 20:56 - 2018-01-08 15:16 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-11 16:00 - 2018-01-08 15:15 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-01-11 16:00 - 2018-01-08 15:15 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-22 20:56 - 2018-01-08 15:15 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-22 20:56 - 2018-01-08 15:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000063296 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-01-11 16:00 - 2018-01-08 15:15 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-11 16:00 - 2018-01-08 15:15 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-22 20:56 - 2018-01-08 15:16 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-22 20:56 - 2018-01-08 15:16 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-22 20:56 - 2018-01-08 15:16 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-22 20:56 - 2018-01-08 15:16 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-22 20:56 - 2018-01-08 15:15 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-22 20:56 - 2018-01-08 15:17 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-11 16:00 - 2018-01-08 15:15 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:37 - 2018-01-08 15:16 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-22 20:56 - 2018-01-08 15:16 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-01-11 16:00 - 2018-01-08 15:16 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-22 20:56 - 2018-01-08 15:17 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-01-11 16:00 - 2018-01-08 15:16 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 [464]
AlternateDataStreams: C:\Users\dstover\Documents\ADI Line Sheet 021617.doc:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507306\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3571793897-3695349560-1157639705-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526446\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-623538099-558311655-452798024-2129\Control Panel\Desktop\\Wallpaper -> C:\Users\dstover\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101507675\Control Panel\Desktop\\Wallpaper -> C:\Users\dstover\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-623538099-558311655-452798024-2129-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01212018101526828\Control Panel\Desktop\\Wallpaper -> C:\Users\dstover\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 2
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ntrtscan => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\Services: tmlisten => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dstover^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eagle Listener.lnk => C:\Windows\pss\Eagle Listener.lnk.Startup
MSCONFIG\startupfolder: C:^Users^dstover^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eagle Scheduler.lnk => C:\Windows\pss\Eagle Scheduler.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: bankshares => "C:\Program Files (x86)\Bite\hotz.exe"
MSCONFIG\startupreg: banksharesbankshares => "C:\Program Files (x86)\Disarm\hotz.exe"
MSCONFIG\startupreg: banksharesconfiguration => "C:\Program Files (x86)\melds\ironically.exe"
MSCONFIG\startupreg: candlewood => "C:\Program Files (x86)\Bite\hotz.exe"
MSCONFIG\startupreg: candlewoodcandlewood => "C:\Program Files (x86)\Disarm\hotz.exe"
MSCONFIG\startupreg: candlewoodraul => "C:\Program Files (x86)\melds\ironically.exe"
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2623H00M05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonSupport => "C:\Program Files\Norton Security\Engine\22.11.0.41\symerr.exe" /supportreboot
MSCONFIG\startupreg: raulcandlewood => "C:\Program Files (x86)\melds\ironically.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F3F5F2E1-94E7-4D2B-8299-9C40EBAB169B}] => (Allow) C:\Users\dstover\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{457F88FC-0849-4110-BBC8-AE5CB720394E}] => (Allow) LPort=5900
FirewallRules: [{0DCD8598-CE8D-4D31-A551-14D7AAAF1E8D}] => (Allow) LPort=5800
FirewallRules: [{A626DB1C-662C-4A88-BA60-BBDA1E754579}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{6B4B17F1-0C0E-4191-999B-5B7B85A23300}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{04534CBF-8DCA-4308-9CC3-2645DA183EBD}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{389D4FF7-0E79-4DE1-9AB1-779317E01970}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{6E9899E0-6E4E-4A38-944B-5425AA34FC0F}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{15F9B460-ED9B-4865-B593-6DCE993E5DD1}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{18074E04-CB56-44A6-83ED-5FC9D73E8FD7}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{94EEFBAF-F8DA-42DB-BFB2-216C9378D9BD}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{FE80AE5F-CF6C-402A-832A-2A25DE25376A}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{316C3FF8-B631-4AEE-9A7C-E81B798460CB}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{4E34C92A-21F4-4CDE-B6AB-2250FE1C23A6}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{9B37B3D9-C670-401E-B2F3-A6AC8F0646F3}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{BF91AC0B-0D2A-4B99-A0BE-E120D1943D03}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{B5B9552E-1DAF-48B5-9FF8-13454EC35AB4}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{614E9B2A-A976-43AE-A3FA-AD104C6CC190}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{BBE9E293-C7F6-4278-88B6-489F3C61E620}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{5F476C9F-45A4-4D0F-9718-4B68A409BF83}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{9E56DC44-8EFF-467D-B584-810744407220}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{9B83A1E5-D8F2-4BD2-B381-945D41FEE960}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EE03DE71-444A-4101-A883-DE5BD78F9521}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D05121C1-61FC-4ED5-9E99-411B4AA4CFCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0BFF97FC-10F5-4C48-B55B-6818932BFC0C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{65B57441-5F9C-4942-85B7-576E4809AAE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{CDFA2716-6CB0-4654-930A-3F7EBB6148D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{897B4DFB-101F-4497-B9F0-2B612A45B6F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{153B3FED-1027-47BE-A97C-7A4CEF6C72DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CD7A145E-ED60-47F8-8A17-40A8B6F97F61}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{55106E8C-D4F0-46D3-A76C-6CBD519B3CE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5CB9912C-0F8B-4EF3-ABF0-C71800F5C9A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{25F5A0D7-885F-4885-BA4C-1F1DF68DB5CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4F52730A-F0E0-4073-92D5-C95728E7D359}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A4B7F324-FD41-4E6C-9F97-AA441F20739C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{8DB3CB3B-EE8B-4A36-9783-6D7F78CE289F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{5140CA7E-3976-4CA7-B19F-78ABA32094B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60B4A3B7-6580-459B-978D-30A81D137CAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42C39BCF-C8A3-4851-AC5C-7D8EA5C3A97C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4B1087B-77FD-45BB-82FF-2AE2B295C41F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A67F3152-AC95-42C2-9211-BD52359E2C1F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8785010D-0242-470C-BD46-FAEBAB40415A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A6074BD-F758-40FF-B11D-F5C99B8BDD75}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A5882310-1A14-43F4-AD5D-87262E804C2C}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CFCA86F-6242-4368-8727-EC686012EB53}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63B002F3-C349-428C-819D-92433720B84B}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C946E411-E6DA-4B15-B3EB-39D5C4951133}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94CC0955-875E-4694-A439-14327D86CE34}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8D4A761-D569-475C-86E7-670F5C521891}] => (Allow) C:\Users\dstover\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E9A46014-25B3-47B1-9766-80509A1E60BD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{08ABCD47-0015-4EA4-A349-E671F8F7A7B4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{D1EF1770-A95B-49EC-82AD-1D369CF82701}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{4B829D09-360A-4A6A-9468-11DA56304437}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{28A7C196-69A2-415E-BBCD-37B5D5A25AC7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{773DE16F-08D0-49FD-B585-9261FD13CEC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7E47E7F7-2AAC-4353-A9CC-06F0A0194D06}] => (Allow) C:\Program Files (x86)\Bite\hotz.exe
FirewallRules: [{1A881248-E8E7-4E19-AF7C-A69CFC5A0EDC}] => (Allow) C:\Program Files (x86)\Disarm\hotz.exe
FirewallRules: [{A3D5F671-FBFE-4AF1-BBDC-5C28DAB18652}] => (Allow) C:\Program Files (x86)\melds\ironically.exe
FirewallRules: [{EE321A36-6DD3-49AC-A63E-DEB5D089106E}] => (Allow) C:\Program Files (x86)\Disarm\ironically.exe
FirewallRules: [{C4029022-8921-487F-A2AC-6960BE3435F8}] => (Allow) LPort=49142

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 6700
Description: Officejet 6700
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 6700
Description: Officejet 6700
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2018 10:40:01 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="4W5KYW1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A20" SMBIOSPresent="True" Rel_Date="20170508000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6530" Ident_Num="ADISA13" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.1.168</HostIP></Exception>

Error: (01/21/2018 10:40:01 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="4W5KYW1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A20" SMBIOSPresent="True" Rel_Date="20170508000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6530" Ident_Num="ADISA13" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.1.168</HostIP></Exception>

Error: (01/21/2018 10:06:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2018 09:59:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2018 09:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2018 09:15:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2018 08:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2018 08:40:15 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="4W5KYW1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A20" SMBIOSPresent="True" Rel_Date="20170508000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6530" Ident_Num="ADISA13" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.1.168</HostIP></Exception>

Error: (01/21/2018 08:40:14 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="4W5KYW1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A20" SMBIOSPresent="True" Rel_Date="20170508000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6530" Ident_Num="ADISA13" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.1.168</HostIP></Exception>

Error: (01/21/2018 08:24:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\EaseUS\EaseUS Partition Recovery 8.5\bin\MFC80.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/21/2018 12:13:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:13:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:13:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:08:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:08:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

Error: (01/21/2018 12:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.


CodeIntegrity:
===================================
  Date: 2018-01-15 19:19:57.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 08:44:21.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 04:21:50.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 03:36:07.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 02:30:30.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 00:52:25.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 00:15:49.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-15 00:03:55.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3360M CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 8097.07 MB
Available physical RAM: 4188.68 MB
Total Virtual: 16192.33 MB
Available Virtual: 12184.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:297.99 GB) (Free:116.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 27E8CABF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

DMSJAJ

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 22 January 2018 - 07:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

As you are receiving help on this problem from another forum I am locking this post.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP