The infection was acquired when I received a phone call from a Microsoft technician who told me that malicious software was detected and that I need to reenter my product key in order to verify I have a licensed copy of Windows. I was also instructed to open the TeamViewer, Supremo, and LogMeIn sites as well as a button called CMD that opens the command prompt. I cannot get past windows shell message that demands that I enter the license key or call 908-333-5096. I understand this to be a Trojan Tech-Support-Scam that displays a fake Windows Product Key verification prompt instead of my normal Windows desktop.
The following is the FRST64 log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by dragonlady (administrator) on PUFF (13-05-2018 11:57:02)
Running from C:\Users\dragonlady\Desktop\geeks to go files
Loaded Profiles: dragonlady (Available Profiles: dragonlady)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-04] (Dropbox, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134736 2015-05-05] (Qualcomm®Atheros®)
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP ENVY 7640 series.lnk [2018-05-12]
ShortcutTarget: Monitor Cartridge Alerts - HP ENVY 7640 series.lnk -> C:\Program Files\HP\HP ENVY 7640 series\Bin\HPStatusBL.dll (HP Inc.)
Startup: C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup1.bat [2018-01-05] ()
Startup: C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup1.vbs [2018-04-27] ()
Startup: C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup2.bat [2018-01-05] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B0B54C3-3C08-45E1-A046-68FD0FC7D9F6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F48CFB4B-6E95-446D-939B-6022415B73DC}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-965809427-2527374407-292969995-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17prewin10.msn.com/?pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-965809427-2527374407-292969995-1000 -> DefaultScope {18038AF4-0F95-4D0A-988C-F98CBADB877C} URL =
SearchScopes: HKU\S-1-5-21-965809427-2527374407-292969995-1000 -> {0DD0F81D-80A3-4BBE-94DA-97D227D1CD06} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_hp_mktgsem&type=oo_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-04-27] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-03-16] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-03-16] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-05-09] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-03-16] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default [2018-05-13]
CHR Extension: (Slides) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-01]
CHR Extension: (YouTube) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-01]
CHR Extension: (PDFConverterHQ) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk [2018-05-09]
CHR Extension: (Sheets) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-05-13]
CHR Extension: (Ask Web Search) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmobocdjfkaaihbdnbkmhlfjndhaipo [2018-05-09]
CHR Extension: (My Quick Converter) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlccbfofdgkhefnadicieoobmkeogcef [2018-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (MapsFrontier Advertisement Offers) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdfbeanbffehepagohhengmjnhlkich [2018-05-13]
CHR Extension: (YourTemplateFinder ) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpailjkocefajahogfcjdjfleajmpod [2018-05-09]
CHR Extension: (Gmail) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-01]
CHR Extension: (Chrome Media Router) - C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-30]
CHR Profile: C:\Users\dragonlady\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-05-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-04-26] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-23] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-04] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324592 2016-11-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-03-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe [2141912 2018-03-01] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-29] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-29] (McAfee, LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [472016 2018-01-29] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-03-16] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-16] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2015-05-05] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77216 2018-02-02] (McAfee, LLC)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31712 2016-04-29] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-05-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-05-13] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [497568 2018-02-02] (McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [357784 2018-02-02] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [529312 2018-02-02] (McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [951200 2018-02-02] (McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115616 2018-02-02] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252832 2018-02-02] (McAfee, LLC)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-13 11:53 - 2018-05-13 11:57 - 000000000 ____D C:\Users\dragonlady\Desktop\geeks to go files
2018-05-13 11:53 - 2018-05-13 11:57 - 000000000 ____D C:\FRST
2018-05-12 20:02 - 2018-05-12 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-05-12 12:28 - 2018-05-12 12:29 - 000000093 _____ C:\Users\dragonlady\Downloads\clean-hkcushell.bat
2018-05-12 12:14 - 2018-05-12 12:14 - 000000000 ___RD C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-05-09 19:14 - 2018-05-13 00:31 - 000003522 _____ C:\Windows\System32\Tasks\McAfee DAT Built in test
2018-05-09 12:53 - 2018-05-09 12:53 - 007271632 _____ (Malwarebytes) C:\Users\dragonlady\Downloads\AdwCleaner (1).exe
2018-05-09 12:47 - 2018-05-09 12:47 - 001790024 _____ (Malwarebytes) C:\Users\dragonlady\Downloads\JRT (1).exe
2018-05-09 12:28 - 2018-05-13 09:43 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-09 12:28 - 2018-05-10 03:27 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-09 12:28 - 2018-05-10 03:27 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-09 12:28 - 2018-05-10 03:27 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-09 12:28 - 2018-05-09 12:28 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-09 12:28 - 2018-05-09 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-09 12:28 - 2018-05-09 12:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-09 12:28 - 2018-05-09 12:28 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-09 12:28 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-09 12:27 - 2018-05-09 12:27 - 000215854 _____ C:\TDSSKiller.3.1.0.17_09.05.2018_12.27.15_log.txt
2018-05-09 12:26 - 2018-05-09 12:26 - 074288784 _____ (Malwarebytes ) C:\Users\dragonlady\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2018-05-09 12:22 - 2018-05-09 12:24 - 000426334 _____ C:\TDSSKiller.3.1.0.17_09.05.2018_12.22.23_log.txt
2018-05-09 12:21 - 2018-05-09 12:21 - 000000000 ____D C:\AdwCleaner
2018-05-09 12:20 - 2018-05-09 12:20 - 004949824 _____ (AO Kaspersky Lab) C:\Users\dragonlady\Downloads\tdsskiller.exe
2018-05-09 12:04 - 2018-04-23 13:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 12:04 - 2018-04-23 13:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 12:04 - 2018-04-22 19:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 12:04 - 2018-04-22 19:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 12:04 - 2018-04-22 19:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 12:04 - 2018-04-22 19:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 12:04 - 2018-04-22 19:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 12:04 - 2018-04-22 19:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 12:04 - 2018-04-22 19:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 12:04 - 2018-04-22 19:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 12:04 - 2018-04-22 19:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 12:04 - 2018-04-22 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 12:04 - 2018-04-22 18:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 12:04 - 2018-04-22 18:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 12:04 - 2018-04-22 18:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 12:04 - 2018-04-22 18:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 12:04 - 2018-04-22 18:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 12:04 - 2018-04-22 18:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 12:04 - 2018-04-22 18:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 12:04 - 2018-04-22 18:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 12:04 - 2018-04-22 18:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 12:04 - 2018-04-22 18:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 12:04 - 2018-04-22 18:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 12:04 - 2018-04-22 18:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 12:04 - 2018-04-22 18:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 12:04 - 2018-04-22 18:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 12:04 - 2018-04-22 18:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 12:04 - 2018-04-22 18:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 12:04 - 2018-04-22 18:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 12:04 - 2018-04-22 18:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 12:04 - 2018-04-22 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 12:04 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 12:04 - 2018-04-22 02:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 12:04 - 2018-04-22 02:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 12:04 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 12:04 - 2018-04-22 02:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 12:04 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 12:04 - 2018-04-22 02:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 12:04 - 2018-04-22 02:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 12:04 - 2018-04-22 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 12:04 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 12:04 - 2018-04-22 02:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 12:04 - 2018-04-22 02:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 12:04 - 2018-04-22 02:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 12:04 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 12:04 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 12:04 - 2018-04-22 02:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 12:04 - 2018-04-22 02:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 12:04 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 12:04 - 2018-04-22 02:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 12:04 - 2018-04-22 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 12:04 - 2018-04-22 02:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 12:04 - 2018-04-22 02:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 12:04 - 2018-04-22 02:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 12:04 - 2018-04-22 02:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 12:04 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 12:04 - 2018-04-22 02:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 12:04 - 2018-04-22 02:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 12:04 - 2018-04-22 02:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 12:04 - 2018-04-22 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 12:04 - 2018-04-22 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 12:04 - 2018-04-22 02:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 12:04 - 2018-04-22 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 12:04 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 12:04 - 2018-04-22 02:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 12:04 - 2018-04-22 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 12:04 - 2018-04-22 01:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 12:04 - 2018-04-22 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 12:04 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 12:04 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 12:04 - 2018-04-22 01:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 12:04 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 12:04 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 12:04 - 2018-04-22 01:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 12:04 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 12:04 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 12:04 - 2018-04-22 01:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 12:04 - 2018-04-22 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 12:04 - 2018-04-22 01:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 12:04 - 2018-04-22 01:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 12:04 - 2018-04-22 01:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 12:04 - 2018-04-22 01:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 12:04 - 2018-04-22 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 12:04 - 2018-04-22 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 12:04 - 2018-04-22 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 12:04 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 12:04 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 12:04 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 12:04 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 12:04 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 12:04 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 12:04 - 2018-04-22 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 12:04 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 12:04 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 12:04 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 12:04 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 12:04 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 12:04 - 2018-04-18 11:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 12:04 - 2018-04-18 11:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 12:04 - 2018-04-18 10:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 12:04 - 2018-04-18 10:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 12:04 - 2018-04-18 10:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 12:04 - 2018-04-18 10:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 12:04 - 2018-04-11 11:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 12:04 - 2018-04-11 11:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 12:04 - 2018-04-11 11:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 12:04 - 2018-04-11 11:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 12:04 - 2018-04-10 14:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 12:04 - 2018-04-10 11:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 12:04 - 2018-04-10 11:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 12:04 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 12:04 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 12:04 - 2018-04-10 11:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 12:04 - 2018-04-10 11:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 12:04 - 2018-04-10 11:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 12:04 - 2018-04-10 10:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 12:04 - 2018-04-10 10:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 12:04 - 2018-04-10 10:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 12:04 - 2018-04-10 10:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 12:04 - 2018-04-07 11:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 12:04 - 2018-03-18 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 12:04 - 2018-03-18 17:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 12:04 - 2018-03-14 12:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 12:04 - 2018-03-14 12:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 12:04 - 2018-03-14 12:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 12:04 - 2018-03-14 12:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 12:04 - 2018-03-14 12:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 12:04 - 2018-03-14 11:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 12:04 - 2018-03-14 11:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 12:04 - 2018-03-14 11:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 12:04 - 2018-03-14 11:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 12:04 - 2018-03-14 11:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 12:04 - 2018-03-14 11:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 12:04 - 2018-03-14 11:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 12:04 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 12:04 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 12:04 - 2018-03-14 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 12:04 - 2018-03-14 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-09 10:59 - 2018-05-09 11:35 - 000279444 _____ C:\Windows\ntbtlog.txt
2018-05-08 18:07 - 2018-05-09 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-08 17:41 - 2018-05-08 17:41 - 000000000 _____ C:\Users\dragonlady\Desktop\New Text Document.txt
2018-05-08 17:30 - 2018-05-09 11:53 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
2018-05-04 13:06 - 2018-05-04 13:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-04 13:06 - 2018-05-04 13:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-04 13:06 - 2018-05-04 13:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-02 09:28 - 2018-05-02 09:28 - 001213612 _____ C:\Users\dragonlady\Desktop\The Window Business Card-DeanneEmail (3).pdf
2018-05-02 09:27 - 2018-05-02 09:27 - 001213406 _____ C:\Users\dragonlady\Downloads\The Window Business Card-DeanneEmail (3).pdf
2018-05-02 09:23 - 2018-05-02 09:23 - 001213406 _____ C:\Users\dragonlady\Downloads\The Window Business Card-DeanneEmail (2).pdf
2018-05-02 09:22 - 2018-05-02 09:22 - 001213406 _____ C:\Users\dragonlady\Downloads\The Window Business Card-DeanneEmail (1).pdf
2018-05-02 09:20 - 2018-05-02 09:20 - 001213406 _____ C:\Users\dragonlady\Downloads\The Window Business Card-DeanneEmail.pdf
2018-04-25 11:49 - 2018-04-27 12:25 - 000000000 ____D C:\Users\dragonlady\Documents\Quicken
2018-04-25 11:49 - 2018-04-25 11:49 - 000000000 ____D C:\Users\dragonlady\AppData\Local\IsolatedStorage
2018-04-25 11:49 - 2018-04-25 11:49 - 000000000 ____D C:\Users\dragonlady\AppData\Local\EO.WebEngine
2018-04-25 11:41 - 2018-05-09 11:53 - 000000000 ____D C:\Users\dragonlady\AppData\Local\Quicken_Inc
2018-04-25 11:28 - 2018-05-09 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken
2018-04-25 11:28 - 2018-05-09 11:53 - 000000000 ____D C:\Program Files (x86)\Quicken
2018-04-25 11:28 - 2018-04-25 11:28 - 000001782 _____ C:\Users\Public\Desktop\Quicken.lnk
2018-04-25 11:28 - 2017-08-26 11:25 - 009065376 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2018-04-25 11:28 - 2017-08-26 11:25 - 007280032 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2018-04-25 11:24 - 2018-04-25 11:28 - 000000126 _____ C:\Windows\QUICKEN.INI
2018-04-25 11:22 - 2018-04-25 11:49 - 000000000 ____D C:\Users\dragonlady\AppData\Roaming\Quicken
2018-04-25 11:22 - 2018-04-25 11:49 - 000000000 ____D C:\ProgramData\Quicken
2018-04-16 18:56 - 2018-04-16 18:56 - 000583507 _____ C:\Users\dragonlady\Downloads\Statement_Apr 2018.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-13 11:52 - 2009-07-13 23:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-13 11:52 - 2009-07-13 23:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-13 11:49 - 2017-04-13 13:40 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-05-13 11:02 - 2017-04-13 14:19 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-13 10:37 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-13 10:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-05-12 13:02 - 2017-04-13 14:19 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-12 12:14 - 2017-06-23 12:56 - 000000000 __SHD C:\Users\dragonlady\IntelGraphicsProfiles
2018-05-11 09:04 - 2017-04-13 14:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-11 09:03 - 2017-04-13 14:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-10 04:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-05-10 03:27 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-10 03:27 - 2009-07-13 23:45 - 000845344 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 03:07 - 2017-07-01 03:02 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 03:05 - 2017-10-13 03:06 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 03:05 - 2017-07-01 03:00 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 03:02 - 2011-02-10 09:33 - 000775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 11:55 - 2017-07-01 22:18 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-09 11:55 - 2017-06-23 12:55 - 000000000 ____D C:\Users\dragonlady
2018-05-09 11:54 - 2017-04-13 14:21 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-05-09 11:54 - 2017-04-13 14:18 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-09 11:54 - 2017-04-13 14:05 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-05-09 11:54 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-09 11:53 - 2017-07-10 12:01 - 000000000 ___RD C:\Users\dragonlady\OneDrive
2018-05-09 11:53 - 2017-06-25 03:57 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-05-09 11:53 - 2017-06-25 03:57 - 000000000 ____D C:\Windows\system32\appraiser
2018-05-09 11:53 - 2017-04-13 14:07 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-05-09 11:53 - 2017-04-13 14:05 - 000000000 ____D C:\Program Files\mcafee
2018-05-09 11:53 - 2017-04-13 14:05 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-05-09 11:53 - 2010-11-21 02:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-05-09 11:53 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-05-09 11:53 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
2018-05-08 18:37 - 2017-06-23 18:23 - 000000000 ___RD C:\Users\dragonlady\Dropbox
2018-05-08 18:35 - 2017-06-23 14:02 - 000000000 ____D C:\Users\dragonlady\Documents\Bluetooth Folder
2018-05-04 17:00 - 2018-01-26 01:48 - 000000000 ____D C:\Users\dragonlady\Desktop\TheWindow Business
2018-05-04 13:06 - 2018-04-09 05:17 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-01 01:05 - 2017-07-29 08:32 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-965809427-2527374407-292969995-1000
2018-05-01 01:05 - 2017-06-23 12:56 - 000002171 _____ C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-04-27 19:46 - 2017-07-01 22:18 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 19:46 - 2017-07-01 22:18 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-27 14:36 - 2017-04-13 14:07 - 000003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2018-04-27 11:51 - 2017-04-13 14:03 - 000000000 ____D C:\ProgramData\PCDr
2018-04-27 11:31 - 2017-04-13 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-18 09:35 - 2018-01-18 03:59 - 000000000 ____D C:\Users\dragonlady\Desktop\For Blog
2018-04-17 12:34 - 2018-03-08 17:50 - 000000000 ____D C:\Users\dragonlady\Documents\Back up Thumb Drive
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-08 09:50
==================== End of FRST.txt ============================
The following the log from the Addition.txt.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by dragonlady (13-05-2018 11:57:49)
Running from C:\Users\dragonlady\Desktop\geeks to go files
Windows 7 Professional Service Pack 1 (X64) (2017-06-23 17:55:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-965809427-2527374407-292969995-500 - Administrator - Disabled)
dragonlady (S-1-5-21-965809427-2527374407-292969995-1000 - Administrator - Enabled) => C:\Users\dragonlady
Guest (S-1-5-21-965809427-2527374407-292969995-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Create Recovery Media (HKLM-x32\...\{10F3CD89-8A7E-48D4-9101-B44E5ACFEFDC}) (Version: 1.0.0.1 - Dell)
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.68 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 7640 series Basic Device Software (HKLM\...\{B81E425D-39FF-4846-B4BB-7AD61909A0EF}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R10 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.190 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9226.2126 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-965809427-2527374407-292969995-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{C15C2D78-89D2-4EC1-850D-4D9BFADA758A}) (Version: 40.11.1135.17143 - HP Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.344 - Qualcomm Atheros Communications)
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.8.8 - Quicken)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39066 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7908 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-965809427-2527374407-292969995-1000\...\Smilebox) (Version: - )
The Print Shop 4.0 Deluxe (HKLM-x32\...\{1309BA7D-D654-4C77-AE9F-3B8B31F7D6A0}) (Version: 1.00.0000 - Encore)
The Print Shop 4.0 Fonts (HKLM-x32\...\{F5E57EC6-FE42-4140-90CD-3A5559B42C96}) (Version: 1.00.0000 - Encore)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-965809427-2527374407-292969995-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\dragonlady\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2015-05-05] (Qualcomm®Atheros®)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2015-05-05] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-03-16] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2A8CB516-8410-4305-BEEF-C96067756C3D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {34008B4A-36EA-4048-A569-DCA4F6DCA7DC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {4A9E6764-019E-448E-A9CA-CD332790984B} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {4FAF07BB-A696-481D-A8D8-EB97D519C357} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {4FCF8717-1BDB-44C9-A154-ED64D9B2F218} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-01] (Google Inc.)
Task: {637843F3-B8BF-4DE3-9BC6-180065AF7366} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-23] (Dropbox, Inc.)
Task: {71CFB8C1-5CC9-456F-A981-50383CE393BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {8BFCC872-7716-4EDB-8FBF-9AC8EEF44D7C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {8ED46798-83AF-4705-B70F-3512F8911EEA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-965809427-2527374407-292969995-1000
Task: {9CA7D674-4523-48C0-9FB1-677056A629D8} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {9EE472F7-3C4E-408F-A011-96478022BBE7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-11] (Microsoft Corporation)
Task: {B5F2EB56-0F18-40EB-B819-4D511E39F9E0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {C46ADAFE-95B2-4A37-9885-A754869CE8E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {D4A1C73E-0621-445B-977C-6156AEC9AC93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-23] (Dropbox, Inc.)
Task: {DE044826-C762-4976-99EE-F03C0C05E969} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-13] (Adobe Systems Incorporated)
Task: {E70A6A92-7EE8-4400-B555-8816AF9891F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-01] (Google Inc.)
Task: {ED0A88E3-8A0D-48FD-BF0F-72184D57561B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {F09573FF-2E0B-404C-B91E-A92896E883BC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {F76199BB-1E73-492C-B41F-ECAC53D4AA96} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {FBBB6B50-4A17-49B2-BB37-6E93D7F3D0CB} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-16] (Realtek Semiconductor)
Task: {FE7CAD3E-80EF-4C17-A961-EB375A5C5698} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-11] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-05-09 12:28 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-09 12:28 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-01 04:18 - 2018-03-01 04:18 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\McCSPMsgBusDLL.dll
2015-05-05 00:49 - 2015-05-05 00:49 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2018-04-27 19:46 - 2018-04-25 22:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-27 19:46 - 2018-04-25 22:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2016-05-02 14:46 - 2016-05-02 14:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2018-05-08 18:06 - 2018-05-04 13:06 - 000863048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-08 18:06 - 2018-05-04 13:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-23 14:00 - 2018-05-04 13:04 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-08 18:06 - 2018-05-04 13:04 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-05-08 18:06 - 2018-05-04 13:06 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-23 14:00 - 2018-05-04 13:04 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-05-08 18:06 - 2018-05-04 13:06 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-23 14:00 - 2018-05-04 13:04 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-05-08 18:06 - 2018-05-04 13:04 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-22 07:33 - 2018-05-04 13:04 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-06 20:45 - 2018-05-04 13:09 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-23 14:00 - 2018-05-04 13:04 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-23 14:00 - 2018-05-04 13:09 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-08 18:06 - 2018-05-04 13:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 13:28 - 2018-05-04 13:09 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-08 18:06 - 2018-05-04 13:07 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-23 14:00 - 2018-05-04 13:09 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-08 18:06 - 2018-05-04 13:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-23 14:00 - 2018-05-04 13:09 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-05-08 18:06 - 2018-05-04 13:08 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-08-15 04:12 - 2017-11-30 10:29 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll
2017-08-18 05:25 - 2018-03-01 15:08 - 000294056 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\dragonlady\Desktop\The Window music.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\dragonlady\Desktop\The Window music.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-965809427-2527374407-292969995-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-965809427-2527374407-292969995-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dragonlady\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{34554E20-35B7-4185-89CE-72B9993DA50E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AD2C7B17-72D6-4420-A0EB-05530245E127}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6E91406-B38D-43D6-B263-529EE5FE91FF}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{BC1F82D9-2741-4006-B6CE-7D8301FC4B3C}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{0237E030-26B7-4085-9C03-87914036D9D1}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{29B91111-E85F-4C3D-A136-BA38B2A0BA4C}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxPrinterUtility.exe
FirewallRules: [{42145AB1-F248-4943-9626-10EEB7CC2C85}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{7E792FBB-FC47-4C91-B33B-5944D63F938F}] => (Allow) LPort=5357
FirewallRules: [{D38400D2-9F3C-4342-A716-C2EF7D85DEBB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8BB09CB2-54A4-4B55-BB6F-5BA2DB4B45FB}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{A3CD988A-46E3-4573-893C-0043A404B571}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{C32A00D1-9025-448C-9C53-549AC9BEE436}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29687687-BB00-46EF-A5AF-FDDFC92479C6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
03-05-2018 00:00:01 Scheduled Checkpoint
09-05-2018 11:45:39 Restore Operation
09-05-2018 12:29:39 JRT Pre-Junkware Removal
09-05-2018 12:49:09 JRT Pre-Junkware Removal
10-05-2018 03:00:18 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2018 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/10/2018 03:28:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/10/2018 03:25:31 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (05/09/2018 01:03:40 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (05/09/2018 01:03:39 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
Error: (05/09/2018 11:56:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/09/2018 11:56:04 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (05/09/2018 11:43:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/12/2018 01:35:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (05/12/2018 06:26:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/12/2018 06:26:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/10/2018 03:44:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/10/2018 03:44:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/10/2018 11:44:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/10/2018 11:44:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/10/2018 03:26:17 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).
==================== Memory info ===========================
Processor: Intel® Core i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 80%
Total physical RAM: 3999.5 MB
Available physical RAM: 770.7 MB
Total Virtual: 7997.18 MB
Available Virtual: 3386.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.68 GB) (Free:857.65 GB) NTFS
Drive e: () (Removable) (Total:57.94 GB) (Free:57.89 GB) FAT32
Drive g: (UDISK 2.0) (Removable) (Total:0.24 GB) (Free:0.03 GB) FAT
\\?\Volume{9a0852c4-2087-11e7-885a-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.73 GB) (Free:4.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 58EFE854)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 58 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (Size: 246 MB) (Disk ID: FE7293E9)
Partition 1: (Active) - (Size=246 MB) - (Type=0E)
==================== End of Addition.txt ============================