Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My laptop is slow starting. Please help me.


  • Please log in to reply

#1
Win10Enthusiast

Win10Enthusiast

    Member

  • Member
  • PipPip
  • 34 posts

I am restarting an old topic from approximately three years ago. Pystryker asked me to start a new topic so here I am, lol.

 

My laptop is slow starting up and I would like a malware fighter with expertise to comprehensively look over my machine for me please, when you have time. I realize you have many requests for help and that your services are free.

 

I still have FRST on my laptop from December 2015. I think I might still have FARBAR on my laptop from that time.

Should I go ahead and follow the instructions again from this topic http://www.geekstogo...cleaning-guide/, or should I wait for instructions from an expert?

 

Many thanks in advance.


Edited by Win10Enthusiast, 27 November 2018 - 09:42 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

 


  • 0

#3
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by kebli (administrator) on DESKTOP-O8A2EKO (05-12-2018 18:05:58)
Running from C:\Users\kebli\Desktop
Loaded Profiles: kebli (Available Profiles: kebli)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\VUL\McVulCtr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5786576 2015-06-24] (Dell Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629480 2016-06-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
IFEO\cmslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcctrayapp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\deliverytray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dell help & support.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\delluptray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2mtranscoder.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\isoviewer8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdr12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\power2go8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerdvd12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\productregistration.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rtkngui64.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\smartbytediagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\supportassistinstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-08-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-10-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{cbdb64e4-631a-4bcb-bfd3-3b89faa0d84a}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-10-18] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-10-18] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-12-21] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: bs6lengf.default
FF ProfilePath: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default [2018-12-05]
FF Homepage: Mozilla\Firefox\Profiles\bs6lengf.default -> |hxxps://www.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-04-14]
FF Extension: (Avast Online Security) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-08-02]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\searchplugins\McSiteAdvisor.xml [2018-03-05]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-01-30] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-12-21] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-12-21] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\kebli\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kebli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default [2018-12-05]
CHR Extension: (Slides) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-11-16]
CHR Extension: (Sheets) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-11-29]
CHR Extension: (Supernova) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
CHR Extension: (Yahoo Partner) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2018-06-07]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2018-11-26]
CHR Extension: (WeatherBug) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-23] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-11-01] (AVAST Software)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-16] (PC-Doctor, Inc.)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe [443872 2018-11-30] (Google Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [675736 2018-10-18] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728808 2017-12-20] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe [405392 2018-09-27] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-29] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-29] (McAfee LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-29] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S4 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
S4 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
S2 0185281543260243mcinstcleanup; C:\WINDOWS\TEMP\018528~1.EXE -cleanup -nolog [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-02] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77280 2017-10-19] (McAfee LLC)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492512 2017-10-19] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355808 2017-10-19] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84016 2017-10-19] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506336 2017-10-19] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [938464 2017-10-19] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [507304 2017-11-15] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-15] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115168 2017-10-19] (McAfee LLC)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-10-18] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252896 2017-10-19] (McAfee LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-05 18:05 - 2018-12-05 18:06 - 000030584 _____ C:\Users\kebli\Desktop\FRST.txt
2018-12-05 18:04 - 2018-12-05 18:04 - 002417152 _____ (Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
2018-11-23 21:47 - 2018-11-23 21:47 - 000277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-23 21:44 - 2018-11-23 21:43 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-13 13:04 - 2018-11-01 05:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 13:04 - 2018-11-01 03:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 13:04 - 2018-11-01 03:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 13:04 - 2018-11-01 01:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-11-01 01:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 13:04 - 2018-11-01 01:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 13:04 - 2018-10-31 22:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-10-31 22:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 13:04 - 2018-10-21 07:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 13:03 - 2018-11-01 05:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 13:03 - 2018-11-01 05:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 13:03 - 2018-11-01 05:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 13:03 - 2018-11-01 05:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 13:03 - 2018-11-01 05:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 13:03 - 2018-11-01 05:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 13:03 - 2018-11-01 05:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 05:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 05:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 05:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 13:03 - 2018-11-01 04:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 13:03 - 2018-11-01 03:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 13:03 - 2018-11-01 03:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 03:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 03:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 03:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 01:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 13:03 - 2018-11-01 01:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 13:03 - 2018-11-01 01:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 13:03 - 2018-11-01 01:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 13:03 - 2018-11-01 01:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 13:03 - 2018-11-01 01:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 13:03 - 2018-11-01 01:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 13:03 - 2018-11-01 01:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 13:03 - 2018-11-01 01:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 13:03 - 2018-11-01 00:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 13:03 - 2018-11-01 00:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-31 23:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 13:03 - 2018-10-31 23:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 13:03 - 2018-10-31 22:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 13:03 - 2018-10-31 22:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 13:03 - 2018-10-31 22:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 13:03 - 2018-10-31 22:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 13:03 - 2018-10-21 06:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 13:03 - 2018-10-21 06:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 13:03 - 2018-10-21 06:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 13:03 - 2018-10-21 06:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 05:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 13:03 - 2018-10-21 03:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 02:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 01:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 13:03 - 2018-10-21 01:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 13:03 - 2018-10-21 01:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 13:03 - 2018-10-21 01:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 13:03 - 2018-10-21 01:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 13:03 - 2018-10-21 01:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 13:03 - 2018-10-21 01:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 13:03 - 2018-10-21 00:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 00:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 13:03 - 2018-04-27 22:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-05 18:05 - 2015-11-23 15:23 - 000000000 ____D C:\FRST
2018-12-05 18:04 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-05 17:16 - 2018-08-04 00:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-05 15:17 - 2018-08-04 01:20 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-05 15:17 - 2018-08-04 01:20 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-12-05 15:17 - 2018-08-04 01:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-05 15:17 - 2018-08-04 01:20 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E32CCF5-6C3B-4761-B98F-5E7BA2CFD104}
2018-12-05 15:17 - 2018-08-04 01:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-05 15:17 - 2018-08-04 01:20 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-12-05 15:17 - 2018-08-04 01:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-05 15:17 - 2018-08-04 01:20 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4169369895-2292233020-3573544003-1001
2018-12-05 15:17 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-12-05 15:17 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-12-05 15:17 - 2018-08-04 01:20 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-05 15:17 - 2018-08-04 01:20 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2018-12-05 15:17 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-05 14:58 - 2017-06-10 15:16 - 000000000 ____D C:\Users\kebli\Desktop\Pics Jun10 2017
2018-12-05 14:40 - 2018-09-10 00:22 - 000000000 ____D C:\Users\kebli\AppData\Local\CrashDumps
2018-12-05 13:17 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-05 12:40 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-05 12:40 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-05 12:32 - 2018-08-02 22:59 - 000000000 ____D C:\Users\kebli\AppData\Local\AVAST Software
2018-12-05 12:28 - 2015-10-30 21:50 - 000000000 __SHD C:\Users\kebli\IntelGraphicsProfiles
2018-12-05 02:01 - 2017-11-21 18:28 - 000000000 ____D C:\Users\kebli\Desktop\New folder
2018-12-04 17:18 - 2015-10-31 13:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-03 11:55 - 2018-08-04 00:56 - 000002369 _____ C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 11:55 - 2015-10-30 21:54 - 000000000 ___RD C:\Users\kebli\OneDrive
2018-12-03 11:50 - 2015-11-01 00:26 - 000002217 _____ C:\Users\kebli\Desktop\ScreenHunter 6.0 Free.lnk
2018-12-02 00:55 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-01 12:10 - 2018-08-04 01:20 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-11-29 13:01 - 2015-12-05 22:50 - 000000000 ____D C:\Program Files\CCleaner
2018-11-29 12:56 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-27 21:22 - 2018-01-16 06:02 - 000000000 ____D C:\Users\kebli\AppData\Local\Packages
2018-11-26 16:28 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-26 08:16 - 2018-06-10 20:45 - 000239840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-11-25 11:16 - 2018-08-04 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-25 11:16 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-11-23 21:54 - 2018-08-04 01:09 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-23 21:49 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-23 21:44 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-23 21:43 - 2018-10-23 18:10 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-11-23 21:43 - 2018-06-10 20:45 - 000185072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys.154324181664001
2018-11-23 21:43 - 2018-03-25 21:49 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-11-22 20:35 - 2018-09-08 11:15 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-21 00:42 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-20 18:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-20 18:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-16 17:00 - 2018-10-09 16:53 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 17:00 - 2018-10-09 16:53 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 00:09 - 2017-09-29 05:23 - 000000000 ____D C:\Program Files\rempl
2018-11-14 17:45 - 2015-12-13 14:19 - 000000000 ___RD C:\Users\kebli\3D Objects
2018-11-14 17:45 - 2015-09-18 06:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 13:01 - 2015-10-31 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 13:00 - 2015-10-31 00:04 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-11 13:10 - 2018-10-03 16:37 - 000000000 ____D C:\ProgramData\McAfee Security Scan
 
==================== Files in the root of some directories =======
 
2015-11-02 19:34 - 2015-11-02 19:34 - 000007679 _____ () C:\Users\kebli\AppData\Local\Resmon.ResmonCfg
2018-04-29 00:09 - 2018-04-29 00:09 - 000000000 _____ () C:\Users\kebli\AppData\Local\{062078D9-1EAA-4A27-95D5-40AB4E70E42C}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-04 00:49
 
==================== End of FRST.txt ============================
 
 
Here is the Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by kebli (05-12-2018 18:07:13)
Running from C:\Users\kebli\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-08-04 07:22:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4169369895-2292233020-3573544003-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4169369895-2292233020-3573544003-503 - Limited - Disabled)
Guest (S-1-5-21-4169369895-2292233020-3573544003-501 - Limited - Disabled)
kebli (S-1-5-21-4169369895-2292233020-3573544003-1001 - Administrator - Enabled) => C:\Users\kebli
WDAGUtilityAccount (S-1-5-21-4169369895-2292233020-3573544003-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{0C38D1A4-B2FC-9703-654C-C3CEDE4DD225}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9D9CC4B0-405C-95D6-85B4-B3E4DED01E79}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{788D0DCB-713D-0D8B-F9E5-309796862274}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED6D0FE7-E572-056E-E087-927C61F2F973}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{15C29BF4-9899-2B62-BE66-A057FC05C852}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{56579888-062A-6054-F513-5958047648F9}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{06EEBF74-32C6-55E5-79A2-E0FA28ADC5CA}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{1A8158BF-DCAA-2D9B-E8CB-F252678A1557}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D1529DEC-48D9-4F14-F042-2011314AABC7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD4CE883-EDD3-984B-CFAE-B9E190018BFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3067917D-AC97-570E-0049-68C6A15D5019}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D3E58012-AA11-3DA3-25CA-3CA7608A59CB}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EBC01D33-F6E9-E89D-E263-8FB9779150A5}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{FB9B68B2-E77D-C0AE-5756-71C8E08281C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D1A67704-6B9D-25E8-5E72-F240BB3346E8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{498599FF-B5B8-A5FB-54EC-4247CD0B7FFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{2B59B1BD-9332-9BB4-4248-742DFEC3246B}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{35B691C1-B888-FF22-E681-AA8436C4A616}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{5C4BCFAC-2BE2-90FB-5A6A-36F0BEF43995}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3E3AFE36-070E-CCA8-0B43-84A62BC019B7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E170E54E-94CD-6F2E-6D79-E2DDEEBFD8C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R7 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.812.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.20721 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{3D1987D7-5A88-4DDA-9D29-6977AE2BDBD0}) (Version: 5.5.316.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM-x32\...\{3475c0cd-7dee-4863-ac1d-57cb530ee125}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{95145542-659F-1C89-B424-518BBC7F7556}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
System Requirements Lab Detection (HKLM-x32\...\{4610FE53-898B-43AE-9F05-6262FB165BFF}) (Version: 6.1.6.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000B1C89-7735-4CCD-BA1D-66EE33C841DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {0176B90D-7670-48E5-B03F-EC2404C53E1B} - System32\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0C21F844-69B2-4064-8B4B-43EA2771B535} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {14F0A37B-4697-4FF4-B1E8-E3BF48519126} - System32\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4B5E2BD5-AAF9-4DC6-8E7D-70C3F8A9780A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {54FE243F-BA3E-47D6-A5F2-121D9E813C00} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {58A89388-FA2B-415E-B94D-4FDF62D4EDC4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {5EB2329D-A9AC-47A9-8B12-FBB089041235} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7AB9AF15-DDD2-42A5-9081-81F209F0F841} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {7CAF98D8-D452-4F00-A057-C4277ED4B3C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {81D84FBA-E575-497A-924B-6C521478A2AC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-08] (AVAST Software)
Task: {875F5410-5C87-45CE-83DB-1F20D4F543D4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-11-01] (AVAST Software)
Task: {888D4C3B-70EE-4F62-8C5A-19574C51BC03} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {88D7EEF9-BFDB-4CCD-B3F0-5610D70973D5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {8AA65B27-46A5-4A8D-A718-4996ADE6236A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {8D997172-709C-4B56-8641-30DE8D7FF339} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-09-11] (McAfee, Inc.)
Task: {9CBBF5B9-78E8-4839-A111-90809DE04AC4} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-09] (McAfee, Inc.)
Task: {9D89E7D5-A194-4FE5-BDBA-2440FB4CDCC8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A3ABC667-4B93-439F-A425-87FF506C71D9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {A7A795F2-6109-480E-8441-8CAE52FE62AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {BF2724D9-F313-44E7-AE51-86251CC2F52F} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {C0A1125D-9966-4758-B2B4-6DB986483CBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C0CB6929-A415-4B65-995E-3179DC9B4FA6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {D3526ADC-380F-4689-B5D5-D0859365B6A7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {DB740AE1-0B55-4318-B667-0F4B5EE68F79} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ECC12274-BB53-4C38-8716-9D7A8EF92C4C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-07-08] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP O8A2EKO
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP O8A2EKO
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-13 17:32 - 2017-12-21 10:53 - 001724384 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-08-13 17:32 - 2017-12-21 10:53 - 000584104 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-15 17:47 - 2018-10-15 17:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-13 03:33 - 2018-11-13 03:33 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-13 03:33 - 2018-11-13 03:34 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-13 03:33 - 2018-11-13 03:33 - 010873344 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-11-13 03:33 - 2018-11-13 03:34 - 002834432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\skypert.dll
2018-11-13 03:33 - 2018-11-13 03:34 - 000685568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-11-13 03:33 - 2018-11-13 03:34 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-26 13:40 - 2018-10-26 13:43 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-26 13:40 - 2018-10-26 13:42 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-26 13:40 - 2018-10-26 13:41 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:09 - 2017-09-27 01:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-26 13:40 - 2018-10-26 13:42 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-11-28 10:11 - 2018-11-28 10:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\libglesv2.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\libegl.dll
2018-11-14 16:12 - 2018-11-14 16:13 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-14 16:12 - 2018-11-14 16:13 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-08 23:47 - 2017-10-08 23:49 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-14 16:12 - 2018-11-14 16:13 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-14 16:12 - 2018-11-14 16:12 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-08-23 15:52 - 2018-08-23 15:54 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-23 15:52 - 2018-08-23 15:54 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-03 14:08 - 2018-04-03 14:10 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-14 16:12 - 2018-11-14 16:13 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-11-14 16:12 - 2018-11-14 16:13 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-14 16:12 - 2018-11-14 16:12 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-14 16:12 - 2018-11-14 16:12 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 18:54 - 2018-08-30 18:56 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-08-02 13:20 - 2018-08-02 13:49 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-14 16:12 - 2018-11-14 16:13 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\SKU.dll
2018-08-02 11:37 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2015-09-18 05:08 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2018-03-25 21:49 - 2018-03-25 21:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 21:43 - 2018-11-23 21:43 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-25 15:29 - 2014-09-05 10:55 - 000132808 _____ () C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2018-11-30 12:49 - 000000919 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\20771.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6B1A5332-A410-46F7-994D-677207100D5B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{E6A9D94A-8D1B-43F2-B49D-72E241F7FE63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1A2BC681-080C-4C2A-8FAB-126EEEBEDBA7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4A2DB286-62AF-4F6B-84A6-F65F7DBBAD66}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D3ADA869-84BA-4C3D-A2B0-5452EEA278D0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{029F1ADF-BFDA-47A4-BA8E-21F09A6DAFD9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{B5B4CDFB-75CE-49A9-8803-FC52EA41D3F6}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{9B12F191-6A81-41BC-9176-D8CC1BEA4F9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6426F3C1-7131-4E45-ACFC-80BF99EAA8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F74A86C-70F4-4EA7-A37C-5AD3921A2D6E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C15CB803-5944-48CF-9B35-FCFC9BFFF32B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{693D2FE8-55BD-4A44-A766-CA1B09E72BFA}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{9F08464B-CAC7-4891-B3A4-2A7C01A5BE34}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{55784381-C8D3-4836-AB26-AB1BA0C5ACE0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{91BEEA0E-5551-4655-951A-955EF242E5A0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BB8A871C-2BE8-42C4-8887-096CBCE5890F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1280E18B-404C-4118-AAA2-F4BEB5A0426D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-11-2018 12:59:59 Windows Update
20-11-2018 17:43:19 Scheduled Checkpoint
30-11-2018 14:21:10 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/05/2018 02:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x267c
Faulting application start time: 0x01d48cd854e25786
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 26164387-d333-47bf-a2cf-5805a8eef37d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/05/2018 02:22:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x1be8
Faulting application start time: 0x01d48cccf25f78cd
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 40d81e49-0aa1-446a-982f-a752d9241a81
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/05/2018 02:02:02 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (12/05/2018 02:01:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x4db0
Faulting application start time: 0x01d48c6cefbef250
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: aaf4d16e-2fca-4bc4-ac8d-5be144869571
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/05/2018 01:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007a24d
Faulting process id: 0xb70
Faulting application start time: 0x01d48c2c33bd8079
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 127b938b-57cd-49f8-bf55-f66eeb100646
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/04/2018 05:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x53a4
Faulting application start time: 0x01d48c0d7e75cd88
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 989fe06f-a2f0-430d-8c10-2eded3e0c8a4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/04/2018 01:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x1cc8
Faulting application start time: 0x01d48bfd3cd71355
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: d6f3999b-f053-42b7-b54c-56bb46cc37aa
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/04/2018 01:44:48 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
 
System errors:
=============
Error: (12/05/2018 03:22:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/05/2018 02:40:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_161dc929 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/05/2018 02:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_161dc929 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/05/2018 12:54:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/05/2018 12:35:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/05/2018 12:32:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/05/2018 12:29:24 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O8A2EKO)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
 
Error: (12/05/2018 12:29:23 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O8A2EKO)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
 
 
CodeIntegrity:
===================================
 
Date: 2018-09-13 23:06:17.908
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:17.873
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.102
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.072
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.033
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.001
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:14.770
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:14.646
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 16275.82 MB
Available physical RAM: 10122.38 MB
Total Virtual: 18707.82 MB
Available Virtual: 12449.48 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1848.78 GB) (Free:1737.28 GB) NTFS
 
\\?\Volume{917e8194-70b2-42bd-bd7c-b170ba134d78}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
\\?\Volume{79049588-dba9-4c83-be42-a01776ed46db}\ (Image) (Fixed) (Total:12.78 GB) (Free:0.92 GB) NTFS
\\?\Volume{67692ed4-4711-4932-9712-3240e2999db2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 61408B0D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Here is the Get Process Explorer log (the name of the file is Registry):
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ApplicationFrameHost.exe 8,216 K 28,080 K 1068 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
atieclxx.exe 2,428 K 9,724 K 5492
atiesrxx.exe 1,904 K 2,756 K 1904 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiw.exe 2,652 K 10,036 K 12836 DDV ATI Graphics Worker Dell Inc. (Verified) Dell Inc
AvastBrowserCrashHandler.exe 1,828 K 844 K 11760
AvastBrowserCrashHandler64.exe 1,840 K 732 K 9892
backgroundTaskHost.exe Suspended 25,680 K 53,424 K 19688 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
BDAppHost.exe 24,848 K 48,400 K 12652 BDAppHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDExtHost.exe 3,092 K 15,096 K 14072 BDExtHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDRuntimeHost.exe 16,528 K 31,260 K 12512 BDRuntimeHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDSurrogateHost.exe 2,348 K 12,508 K 16676 BDSurrogateHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BingDesktop.exe 5,984 K 25,104 K 11736 Bing Desktop Application Microsoft Corp. (Verified) Microsoft Corporation
browser_broker.exe 1,976 K 9,248 K 23408 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
browserhost.exe 3,728 K 2,880 K 20508 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
chrome.exe 2,608 K 8,680 K 3548 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,380 K 9,240 K 10628 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,224 K 40,068 K 19800 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,676 K 41,552 K 23404 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,448 K 40,720 K 19880 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,100 K 43,860 K 7968 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,988 K 43,412 K 12632 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,216 K 42,580 K 21592 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,512 K 42,016 K 17944 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,780 K 42,192 K 10036 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 31,688 K 47,868 K 16756 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 15,280 K 24,448 K 13788 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 29,196 K 44,784 K 11476 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 36,636 K 56,512 K 5336 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 69,420 K 82,684 K 23388 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 45,140 K 63,484 K 23344 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 307,636 K 306,876 K 9636 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 52,084 K 69,868 K 11600 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 35,228 K 58,944 K 23084 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,220 K 46,660 K 2804 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 53,148 K 79,856 K 19432 Google Chrome Google Inc. (Verified) Google Inc
cmd.exe 2,056 K 2,572 K 1496 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,536 K 8,756 K 15276 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,828 K 10,032 K 6888 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,904 K 1,608 K 916
csrss.exe 1,908 K 3,460 K 18012
csrss.exe 2,104 K 2,600 K 784
ctfmon.exe 10,136 K 20,984 K 15268
DDVCollectorSvcApi.exe 1,784 K 2,384 K 8868 Dell Data Vault Data Collector Service API Dell Inc. (Verified) Dell Inc
DDVDataCollector.exe 34,564 K 32,412 K 13264 Dell Data Vault Data Collector Service Dell Inc. (Verified) Dell Inc
DDVRulesProcessor.exe 6,020 K 7,004 K 10600 Dell Data Vault Rules Processor Dell Inc. (Verified) Dell Inc
dllhost.exe 3,524 K 10,664 K 14776 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 4,000 K 6,768 K 9876
dllhost.exe 2,152 K 8,428 K 17020 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 7,996 K 7,812 K 828
fontdrvhost.exe 3,708 K 8,692 K 21064
GoogleCrashHandler.exe 1,896 K 168 K 11988
GoogleCrashHandler64.exe 1,788 K 160 K 9824
ibtsiva.exe 1,244 K 2,276 K 4052 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
igfxCUIService.exe 1,904 K 4,184 K 2360 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 5,052 K 21,104 K 22008 igfxEM Module Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,496 K 2,260 K 4044 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
IntelCpHeciSvc.exe 1,484 K 2,308 K 4576 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
LockApp.exe Suspended 12,888 K 50,316 K 12104 LockApp.exe Microsoft Corporation (Verified) Microsoft Windows
McCSPServiceHost.exe 11,572 K 16,688 K 6764 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
mcshield.exe 48,232 K 9,856 K 6916
McUICnt.exe 16,640 K 25,832 K 20588 McAfee McAfee, Inc. (Verified) McAfee
McVulCtr.exe 4,036 K 2,476 K 13032
Memory Compression 228 K 21,680 K 2264
mfefire.exe 3,084 K 5,408 K 6488
mfemms.exe 3,328 K 4,492 K 3112 McAfee Management Service McAfee LLC (Verified) McAfee
mfevtps.exe 2,100 K 2,084 K 3460 McAfee Process Validation Service McAfee LLC (Verified) McAfee
mfevtps.exe 7,056 K 9,176 K 5052
Microsoft.Photos.exe Suspended 133,108 K 124,716 K 11232 (No signature was present in the subject)
MicrosoftEdge.exe Suspended 22,260 K 64,896 K 10196 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 6,048 K 25,496 K 1720 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 5,300 K 23,048 K 21856 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
ModuleCoreService.exe 11,152 K 11,264 K 20400 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
MSASCuiL.exe 2,104 K 9,364 K 17448 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
PEFService.exe 1,652 K 2,184 K 3432 Intel Security PEF Service Intel Security, Inc. (Verified) McAfee
PresentationFontCache.exe 24,872 K 5,224 K 8032 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3,056 K 10,236 K 22368 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 1,572 K 107,444 K 96
RemindersServer.exe Suspended 2,624 K 13,344 K 10852 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,272 K 15,972 K 3344 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,260 K 28,360 K 11816 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,964 K 7,136 K 17620 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,180 K 30,404 K 9460 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,192 K 16,364 K 14676 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,416 K 21,616 K 19440 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 9,680 K 28,248 K 3420 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,004 K 27,496 K 9244 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,120 K 9,076 K 18136 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 51,964 K 49,600 K 9552 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 55,416 K 116,956 K 8404 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 5,768 K 10,800 K 4144 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 6,736 K 9,012 K 992
SettingSyncHost.exe 22,232 K 4,836 K 11320 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 3,256 K 3,876 K 10380 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 31,328 K 91,144 K 13988 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 10,252 K 36,668 K 9388 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SkypeApp.exe Suspended 172,740 K 162,796 K 12544 SkypeApp Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe Suspended 2,012 K 11,640 K 17892 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smartscreen.exe 17,772 K 41,608 K 11084 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
smss.exe 528 K 652 K 520
spoolsv.exe 5,956 K 7,724 K 3720 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SSScheduler.exe 1,580 K 1,172 K 6956 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
svchost.exe 1,016 K 1,224 K 712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,260 K 5,680 K 1316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 2,640 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,828 K 3,592 K 1548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,644 K 2,388 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,764 K 12,088 K 1696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,872 K 6,236 K 1788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,804 K 2,516 K 1996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,456 K 1,640 K 2032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,044 K 4,960 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,328 K 5,676 K 2332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,900 K 3,408 K 2440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,124 K 4,212 K 2448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 5,336 K 2816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,432 K 7,208 K 3452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,636 K 1,860 K 3796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,348 K 2,320 K 600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 3,132 K 4424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,520 K 7,792 K 4564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,680 K 6,396 K 4788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,844 K 4,440 K 7208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,428 K 3,956 K 16316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,640 K 5,224 K 12692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,732 K 7,308 K 22012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,144 K 22,560 K 19188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,620 K 5,724 K 10376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,564 K 6,136 K 21844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 6,764 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,496 K 5,608 K 19416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,596 K 6,196 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,868 K 6,144 K 9944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,004 K 7,168 K 12912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,236 K 22,160 K 10316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,792 K 3,000 K 2868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,680 K 13,448 K 1912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,668 K 7,604 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,392 K 1,884 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,060 K 3,188 K 3772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,268 K 6,968 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,912 K 10,876 K 4084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,452 K 8,160 K 2704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,752 K 8,500 K 21560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 48,984 K 40,264 K 7184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,116 K 6,616 K 2184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,356 K 13,200 K 8500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,312 K 12,724 K 6156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,972 K 31,816 K 20064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,568 K 4,488 K 2216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,648 K 5,412 K 1484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,056 K 16,384 K 1344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,960 K 13,616 K 15844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,340 K 12,808 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,036 K 16,888 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,208 K 9,104 K 2580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,380 K 4,768 K 2132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,224 K 11,720 K 2524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,160 K 4,032 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,276 K 8,152 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 38,212 K 40,816 K 4060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,388 K 5,896 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,272 K 2,964 K 4524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,924 K 5,192 K 10576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 28,496 K 37,144 K 732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 20,140 K 33,480 K 4068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,456 K 4,080 K 3704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,248 K 15,420 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,836 K 7,200 K 3092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,028 K 14,008 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,492 K 4,200 K 2456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,780 K 11,388 K 2828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TabTip.exe 3,964 K 15,828 K 21688
taskhostw.exe 6,404 K 17,180 K 15052 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TuneupSvc.exe 61,852 K 73,164 K 4136 Avast Cleanup Service AVAST Software (Verified) AVAST Software s.r.o.
TuneupUI.exe 14,060 K 38,400 K 20692 Avast Cleanup UI AVAST Software (Verified) AVAST Software s.r.o.
uihost.exe 12,600 K 34,604 K 13620 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
unsecapp.exe 1,780 K 7,200 K 16540
Video.UI.exe Suspended 21,444 K 40,308 K 13940 (No signature was present in the subject)
WavesSysSvc64.exe 2,824 K 1,760 K 4112 WavesSysSvc Service Application Waves Audio Ltd. (Verified) Waves Inc
wininit.exe 1,656 K 3,528 K 944
winlogon.exe 2,384 K 8,912 K 23540
WmiPrvSE.exe 24,304 K 32,496 K 18732
WmiPrvSE.exe 6,128 K 12,556 K 10080
ModuleCoreService.exe < 0.01 58,096 K 70,964 K 4100 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
svchost.exe < 0.01 4,808 K 11,456 K 6824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe < 0.01 25,232 K 35,156 K 3656 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe < 0.01 2,808 K 4,772 K 1932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,916 K 11,252 K 9740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
servicehost.exe < 0.01 54,816 K 34,512 K 3768 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
unsecapp.exe 0.01 2,196 K 4,632 K 5596
MMSSHOST.exe 0.01 56,128 K 53,772 K 4996
mcapexe.exe 0.01 3,396 K 3,036 K 7148 McAfee Access Protection McAfee, Inc. (Verified) McAfee
CLMLSvc_P2G8.exe 0.01 3,296 K 852 K 20080 CyberLink MediaLibrary Service CyberLink (Verified) CyberLink Corp.
WavesSvc64.exe 0.02 1,492 K 6,500 K 12100 Waves MaxxAudio Service Application Waves Audio Ltd. (Verified) Waves Inc
chrome.exe 0.02 26,848 K 43,504 K 14004 Google Chrome Google Inc. (Verified) Google Inc
MfeAVSvc.exe 0.02 43,864 K 53,052 K 2536
chrome.exe 0.03 39,592 K 57,840 K 12600 Google Chrome Google Inc. (Verified) Google Inc
lsass.exe 0.03 11,844 K 18,052 K 1020 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.03 56,460 K 85,880 K 11024 Google Chrome Google Inc. (Verified) Google Inc
CCleaner64.exe 0.04 12,392 K 29,784 K 8156
AvastSvc.exe 0.04 245,736 K 39,572 K 3148 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.07 147,296 K 181,472 K 8904 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.09 173,896 K 211,428 K 5480 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.17 63,764 K 147,408 K 20616 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.22 73,096 K 103,632 K 740 Google Chrome Google Inc. (Verified) Google Inc
ScreenHunter.exe 0.23 6,748 K 23,216 K 11000 ScreenHunter 6.0 Free Wisdom Software Inc. (Verified) Wisdom Software Inc.
ScreenHunter.exe 0.25 20,372 K 38,260 K 16496 ScreenHunter 6.0 Free Wisdom Software Inc. (Verified) Wisdom Software Inc.
FRST64 (1).exe 0.26 31,740 K 56,484 K 19336
svchost.exe 0.32 28,300 K 28,380 K 4076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.37 108,656 K 104,192 K 2140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.44 129,720 K 168,776 K 6152 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.70 2,544 K 6,100 K 15816
dwm.exe 0.71 83,436 K 108,372 K 19696
AvastUI.exe 0.94 30,304 K 60,660 K 16500 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
System 1.01 216 K 3,488 K 4
Interrupts 1.09 0 K 0 K n/a Hardware Interrupts and DPCs
WmiPrvSE.exe 1.61 19,508 K 29,420 K 5680
chrome.exe 1.72 95,672 K 119,072 K 18792 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4.14 109,488 K 141,300 K 19664 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4.41 159,124 K 233,864 K 22784 Google Chrome Google Inc. (Verified) Google Inc
procexp64.exe 5.42 28,692 K 58,892 K 14368 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 75.54 52 K 8 K 0
 
 
I opened an Elevated Command Prompt and pasted the two lines into it
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Access is denied. I tried three times, but I saw the Access is denied message in the command prompt.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP
On a trip. No PC. Will get back to you on Saturday. Please uninstall everything from McAfee. Then go to mcafee.com and get mcpr.exe the McAfee consumer product removal tool. Save,right click, run as admin.
  • 0

#5
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thanks a million for your replies, RKinner.

I uninstalled everything I could find that was McAfee. Then I got a hold of mcpr.exe and ran that.

Enjoy your trip. Hope you are not in southwestern Virginia or in western North Carolina. BAD storm there.


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

I'm in FL so no problem.  Trip was down to Key West to take the ferry to Dry Tortugas National Park.  Ferry ride was a bit rough because of the cold front but otherwise a pleasant trip.

 

I see several windows files that don't seem to be signed properly so let's run dism.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/


(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:
 

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow




This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt



Hit Enter.  Then type::

 

notepad  %UserProfile%\desktop\junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Run Process Explorer as before and post the log.  Also run a new FRST scan with Addition.txt checked and post the logs.


  • 0

#7
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thanks for your reply! Glad you enjoyed your trip.

 

I ran dism and sfc as Administrator.

 

The result was that Windows did not find any integrity violations.

 

Next, I ran VEW. Here is the System Log:

 

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 09/12/2018 2:18:10 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/12/2018 7:44:33 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:38:09 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:37:27 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:36:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:34:44 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:34:44 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 7:19:26 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:35:58 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:35:34 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:35:10 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:34:47 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:31:29 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:31:29 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 5:31:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/12/2018 3:08:23 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/12/2018 11:25:25 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/12/2018 6:22:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/12/2018 6:18:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/12/2018 6:17:09 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/12/2018 6:17:08 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/12/2018 7:37:05 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ui.ff.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 7:34:26 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 09/12/2018 7:34:23 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 09/12/2018 5:34:43 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnsproxy.ff.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 5:34:00 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name update.avastbrowser.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 5:33:39 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnsproxy.ff.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 5:32:07 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ncc.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 5:31:41 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnsproxy.ff.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2018 5:31:26 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 09/12/2018 5:31:25 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 09/12/2018 3:34:32 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 09/12/2018 3:34:31 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 08/12/2018 10:21:04 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/12/2018 10:21:03 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 08/12/2018 6:47:41 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 46 seconds since the last report.
 
Log: 'System' Date/Time: 08/12/2018 6:47:40 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 46 seconds since the last report.
 
Log: 'System' Date/Time: 08/12/2018 6:47:40 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 46 seconds since the last report.
 
Log: 'System' Date/Time: 08/12/2018 6:47:40 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 46 seconds since the last report.
 
Log: 'System' Date/Time: 08/12/2018 6:11:58 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/12/2018 6:11:55 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.
 
 
 
 
 
And the Application Log :
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/12/2018 2:21:36 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/12/2018 7:33:29 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 09/12/2018 7:46:14 AM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 09/12/2018 4:19:47 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 09/12/2018 4:19:47 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 09/12/2018 3:34:33 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 09/12/2018 3:34:33 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 08/12/2018 6:12:07 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 08/12/2018 6:10:58 PM
Type: Error Category: 16
Event: 16390 Source: ATIeRecord
ATI EEU waiting for an event has failed
 
Log: 'Application' Date/Time: 08/12/2018 6:10:58 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 08/12/2018 8:10:28 AM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 08/12/2018 6:27:30 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 08/12/2018 6:27:30 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 08/12/2018 1:20:32 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 08/12/2018 1:20:32 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 07/12/2018 10:01:07 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 07/12/2018 10:01:07 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Log: 'Application' Date/Time: 07/12/2018 8:44:19 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2 Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185 Exception code: 0xc0000005 Fault offset: 0x000000000007c686 Faulting process id: 0x2918 Faulting application start time: 0x01d48e562c6d981f Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: C:\Windows\System32\NotificationController.dll Report Id: a2b9c351-1fab-44f5-945d-6c1b2c250c96 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 07/12/2018 7:29:08 AM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 06/12/2018 8:14:29 AM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
Log: 'Application' Date/Time: 06/12/2018 8:14:24 AM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/12/2018 7:38:19 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (8684,D,31) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 09/12/2018 7:37:58 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (8684,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 06/12/2018 6:18:22 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (8232,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1589248 (0x0000000000184000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 06/12/2018 6:18:22 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (8232,D,29) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1589248 (0x0000000000184000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 06/12/2018 8:01:29 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (8840,D,29) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1589248 (0x0000000000184000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (21 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 06/12/2018 8:01:28 AM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (8840,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1589248 (0x0000000000184000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 06/12/2018 7:58:47 AM
Type: Warning Category: 3
Event: 472 Source: ESENT
svchost (3760,R,98) SRUJet: The shadow header page of file C:\WINDOWS\system32\SRU\SRUDB.dat was damaged. The primary header page (4096 bytes) was used instead.
 
Log: 'Application' Date/Time: 05/12/2018 6:31:55 PM
Type: Warning Category: 7
Event: 509 Source: ESENT
svchost (19188,D,42) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 122880 (0x000000000001e000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 71 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 05/12/2018 6:31:15 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (19188,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 05/12/2018 6:31:15 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (19188,D,31) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 03/12/2018 5:49:29 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (14196,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 03/12/2018 5:49:29 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (14196,D,31) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 30/11/2018 6:48:19 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (13216,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 5758976 (0x000000000057e000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 30/11/2018 6:48:19 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (13216,D,12) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 5758976 (0x000000000057e000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 29/11/2018 8:12:30 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
taskhostw (4324,D,0) WebCacheLocal: A request to write to the file "C:\Users\kebli\AppData\Local\Microsoft\Windows\WebCache\V01.log" at offset 172032 (0x000000000002a000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 29/11/2018 8:12:30 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
taskhostw (4324,D,0) WebCacheLocal: A request to write to the file "C:\Users\kebli\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm" at offset 8192 (0x0000000000002000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 24/11/2018 4:10:20 AM
Type: Warning Category: 7
Event: 509 Source: ESENT
svchost (10684,D,42) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 122880 (0x000000000001e000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (17 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 139 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 24/11/2018 4:08:31 AM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (10684,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 6782976 (0x0000000000678000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 24/11/2018 4:08:31 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (10684,D,17) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 6782976 (0x0000000000678000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (17 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 23/11/2018 7:21:51 PM
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (13100,D,0) Unistore: A request to read from the file "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" at offset 3678208 (0x0000000000382000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
Then I ran Process Explorer. This is the Log: (Registry2 filename)
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ApplicationFrameHost.exe 9,172 K 28,980 K 2112 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
atieclxx.exe 2,416 K 9,380 K 1916 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 1,384 K 5,440 K 1872 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiw.exe 2,656 K 9,952 K 9552 DDV ATI Graphics Worker Dell Inc. (Verified) Dell Inc
AvastBrowserCrashHandler.exe 1,952 K 284 K 9968 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
AvastBrowserCrashHandler64.exe 1,852 K 332 K 10072 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
BDAppHost.exe 4,264 K 12,328 K 11228 BDAppHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDRuntimeHost.exe 14,228 K 28,600 K 1020 BDRuntimeHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDSurrogateHost.exe 2,336 K 10,404 K 9156 BDSurrogateHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BingDesktop.exe 7,740 K 24,924 K 9772 Bing Desktop Application Microsoft Corp. (Verified) Microsoft Corporation
browser_broker.exe 1,972 K 9,028 K 7944 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4,040 K 11,684 K 9908 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,396 K 9,104 K 9488 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 52,236 K 57,608 K 7804 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 32,016 K 43,440 K 7808 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 38,608 K 51,132 K 10396 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 42,964 K 54,152 K 4528 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,636 K 25,200 K 11040 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 42,604 K 53,800 K 9876 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 2,016 K 4,988 K 688 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
DDVCollectorSvcApi.exe 1,688 K 7,152 K 5788 Dell Data Vault Data Collector Service API Dell Inc. (Verified) Dell Inc
DDVDataCollector.exe 19,196 K 24,916 K 5560 Dell Data Vault Data Collector Service Dell Inc. (Verified) Dell Inc
DDVRulesProcessor.exe 16,820 K 13,272 K 10016 Dell Data Vault Rules Processor Dell Inc. (Verified) Dell Inc
dllhost.exe 3,528 K 11,236 K 6460 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,644 K 3,512 K 1000 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 2,312 K 5,424 K 1096 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 1,876 K 188 K 1740 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,792 K 268 K 700 Google Crash Handler Google Inc. (Verified) Google Inc
ibtsiva.exe 992 K 3,896 K 4004 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
igfxCUIService.exe 1,824 K 7,844 K 2372 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,700 K 13,504 K 6488 igfxEM Module Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,424 K 6,356 K 3996 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
IntelCpHeciSvc.exe 1,440 K 6,264 K 4336 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
Memory Compression 32 K 4 K 2312
MicrosoftEdge.exe Suspended 22,288 K 62,748 K 7608 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 1,996 K 9,136 K 5652 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 13,628 K 34,728 K 1424 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 12,096 K 32,276 K 9160 Notepad Microsoft Corporation (Verified) Microsoft Windows
OfficeHubTaskHost.exe Suspended 9,512 K 34,872 K 7448 Office Hub Task Host Microsoft Corporation (Verified) Microsoft Corporation
PresentationFontCache.exe 25,372 K 17,972 K 5504 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 4,736 K 10,376 K 11188 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 12,328 K 34,552 K 96
RemindersServer.exe Suspended 2,608 K 13,196 K 8232 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,268 K 5,556 K 8348 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,872 K 11,668 K 5892 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,112 K 22,008 K 8060 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,432 K 29,816 K 7116 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,892 K 14,800 K 2856 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,296 K 29,208 K 7300 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 26,136 K 21,644 K 9092 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 66,216 K 136,444 K 7040 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 3,916 K 14,516 K 4064 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
sedsvc.exe 4,408 K 14,260 K 8712 sedsvc Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,052 K 9,548 K 876 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 8,140 K 4,664 K 4832 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 2,232 K 4,372 K 7164 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 46,812 K 109,448 K 6820 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,368 K 26,048 K 5352 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SkypeApp.exe Suspended 158,636 K 164,124 K 8208 SkypeApp Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe Suspended 1,964 K 11,560 K 7496 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 516 K 1,140 K 492 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,832 K 14,708 K 3664 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 996 K 3,584 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,192 K 9,268 K 1208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,488 K 10,684 K 1276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 7,256 K 1292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,152 K 14,692 K 1452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,612 K 5,496 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,728 K 10,340 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,840 K 7,676 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 6,492 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 7,164 K 1788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,240 K 9,052 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,960 K 7,320 K 2412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,772 K 6,776 K 2420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,968 K 8,992 K 2520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,156 K 9,888 K 2724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,004 K 7,560 K 3716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,844 K 6,608 K 4056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,640 K 6,080 K 4072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,356 K 5,152 K 4080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,344 K 4,968 K 4328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,580 K 12,248 K 4412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,328 K 11,504 K 4684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,596 K 6,988 K 3252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 7,996 K 5276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,284 K 10,392 K 7764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,444 K 23,208 K 8684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,668 K 8,164 K 5720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,220 K 7,332 K 8592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,200 K 8,572 K 12192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,544 K 5,652 K 12656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 5,800 K 11664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,244 K 13,204 K 7152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,340 K 5,328 K 2180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,612 K 13,616 K 4024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,324 K 16,864 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,600 K 8,260 K 1964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 9,716 K 7776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,264 K 8,172 K 2840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,016 K 6,968 K 3012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,520 K 6,116 K 12932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,024 K 25,976 K 3112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,692 K 8,996 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,048 K 11,136 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,252 K 12,260 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,640 K 15,480 K 5832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 6,244 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,184 K 9,420 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,464 K 8,696 K 11436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,596 K 19,952 K 4088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,488 K 12,400 K 2828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,168 K 18,228 K 1776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,340 K 17,540 K 1716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,028 K 7,356 K 2192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,844 K 21,560 K 5380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 6,644 K 4248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,348 K 26,656 K 4032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,376 K 8,444 K 4172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,212 K 14,196 K 3088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,296 K 32,716 K 5460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,328 K 7,208 K 2032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,096 K 21,080 K 7508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,228 K 14,964 K 8244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,124 K 12,752 K 536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,508 K 30,308 K 396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,644 K 11,660 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SystemSettingsBroker.exe 7,112 K 27,824 K 12556 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,600 K 16,500 K 5632 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TuneupSvc.exe 16,792 K 39,200 K 3244 Avast Cleanup Service AVAST Software (Verified) AVAST Software s.r.o.
TuneupUI.exe 13,272 K 37,324 K 1064 Avast Cleanup UI AVAST Software (Verified) AVAST Software s.r.o.
unsecapp.exe 1,784 K 7,104 K 8052 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,412 K 6,604 K 2892 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
Video.UI.exe Suspended 21,324 K 39,936 K 3000 (No signature was present in the subject)
WavesSysSvc64.exe 2,816 K 6,464 K 4016 WavesSysSvc Service Application Waves Audio Ltd. (Verified) Waves Inc
wininit.exe 1,380 K 5,916 K 800 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,408 K 9,772 K 1036 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 9,632 K 17,360 K 1260 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,292 K 11,228 K 3144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe < 0.01 2,164 K 9,004 K 9784 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 198,204 K 201,852 K 8316 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 10,228 K 19,332 K 812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 120,912 K 130,180 K 2172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WavesSvc64.exe < 0.01 1,424 K 6,564 K 636 Waves MaxxAudio Service Application Waves Audio Ltd. (Verified) Waves Inc
BDExtHost.exe < 0.01 2,316 K 10,200 K 10984 BDExtHost.exe Microsoft Corp. (Verified) Microsoft Corporation
TabTip.exe < 0.01 3,776 K 15,012 K 2264 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 21,660 K 28,884 K 4048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,828 K 17,444 K 2888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe 0.01 20,060 K 38,960 K 5588 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.01 2,800 K 7,700 K 640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner64.exe 0.01 12,616 K 29,032 K 9912 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
lsass.exe 0.01 7,012 K 17,820 K 884 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
CLMLSvc_P2G8.exe 0.01 3,188 K 800 K 6656 CyberLink MediaLibrary Service CyberLink (Verified) CyberLink Corp.
ctfmon.exe 0.02 6,376 K 16,708 K 1836 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.03 106,632 K 39,976 K 3164 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.03 34,476 K 43,916 K 10900 Google Chrome Google Inc. (Verified) Google Inc
ScreenHunter.exe 0.10 11,668 K 28,988 K 1548 ScreenHunter 6.0 Free Wisdom Software Inc. (Verified) Wisdom Software Inc.
FRST64 (1).exe 0.17 21,884 K 36,628 K 7428 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
explorer.exe 0.21 55,052 K 133,032 K 5936 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.24 10,396 K 19,348 K 4040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.41 23,552 K 40,348 K 10064 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
csrss.exe 0.42 2,544 K 5,636 K 808 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 0.48 192 K 1,396 K 4
Taskmgr.exe 0.58 28,612 K 53,660 K 13076 Task Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.64 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.81 66,036 K 89,360 K 1160 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1.11 80,152 K 100,044 K 8764 Google Chrome Google Inc. (Verified) Google Inc
WmiPrvSE.exe 1.21 9,440 K 16,352 K 120 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1.31 137,492 K 160,620 K 384 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1.32 99,480 K 121,096 K 9244 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1.90 139,884 K 202,848 K 10056 Google Chrome Google Inc. (Verified) Google Inc
procexp64.exe 3.86 32,036 K 65,288 K 2976 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 85.07 52 K 8 K 0
 
Here are the Farbar Logs:
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by kebli (administrator) on DESKTOP-O8A2EKO (09-12-2018 14:33:24)
Running from C:\Users\kebli\Desktop\malwarefight
Loaded Profiles: kebli (Available Profiles: kebli)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\kebli\Desktop\malwarefight\FRST64 (1).exe
(Sysinternals - www.sysinternals.com) C:\Users\kebli\Desktop\malwarefight\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\kebli\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\kebli\Desktop\malwarefight\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5786576 2015-06-24] (Dell Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629480 2016-06-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
IFEO\cmslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcctrayapp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\deliverytray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dell help & support.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\delluptray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2mtranscoder.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\isoviewer8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdr12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\power2go8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerdvd12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\productregistration.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rtkngui64.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\smartbytediagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\supportassistinstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-08-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{cbdb64e4-631a-4bcb-bfd3-3b89faa0d84a}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
 
FireFox:
========
FF DefaultProfile: bs6lengf.default
FF ProfilePath: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default [2018-12-09]
FF Homepage: Mozilla\Firefox\Profiles\bs6lengf.default -> |hxxps://www.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-04-14]
FF Extension: (Avast Online Security) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-08-02]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\searchplugins\McSiteAdvisor.xml [2018-03-05]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\kebli\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kebli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default [2018-12-09]
CHR Extension: (Slides) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-11-16]
CHR Extension: (Sheets) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Supernova) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
CHR Extension: (Yahoo Partner) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2018-06-07]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2018-11-26]
CHR Extension: (WeatherBug) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06]
CHR HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-23] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-11-01] (AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-16] (PC-Doctor, Inc.)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe [443872 2018-11-30] (Google Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S4 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
S4 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-02] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-09 14:32 - 2018-12-09 14:32 - 000020599 _____ C:\Users\kebli\Desktop\Registry2.txt
2018-12-09 14:25 - 2018-12-09 14:25 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-12-09 14:22 - 2018-12-09 14:22 - 000015271 _____ C:\Users\kebli\Desktop\VEW2.txt
2018-12-09 14:19 - 2018-12-09 14:19 - 000017942 _____ C:\Users\kebli\Desktop\VEW1.txt
2018-12-09 14:18 - 2018-12-09 14:21 - 000015271 _____ C:\VEW.txt
2018-12-09 14:08 - 2018-12-09 14:08 - 000061440 _____ ( ) C:\Users\kebli\Desktop\VEW.exe
2018-12-09 13:04 - 2018-12-09 13:05 - 000000000 ____D C:\Users\kebli\AppData\Local\D3DSCache
2018-12-08 12:11 - 2018-12-08 12:12 - 000277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-05 19:17 - 2018-12-09 14:23 - 000000000 ____D C:\Users\kebli\Desktop\malwarefight
2018-11-23 21:44 - 2018-11-23 21:43 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-13 13:04 - 2018-11-01 05:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 13:04 - 2018-11-01 03:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 13:04 - 2018-11-01 03:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 13:04 - 2018-11-01 01:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-11-01 01:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 13:04 - 2018-11-01 01:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 13:04 - 2018-10-31 22:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-10-31 22:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 13:04 - 2018-10-21 07:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 13:03 - 2018-11-01 05:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 13:03 - 2018-11-01 05:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 13:03 - 2018-11-01 05:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 13:03 - 2018-11-01 05:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 13:03 - 2018-11-01 05:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 13:03 - 2018-11-01 05:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 13:03 - 2018-11-01 05:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 05:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 05:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 05:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 13:03 - 2018-11-01 04:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 13:03 - 2018-11-01 03:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 13:03 - 2018-11-01 03:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 03:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 03:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 03:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 01:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 13:03 - 2018-11-01 01:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 13:03 - 2018-11-01 01:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 13:03 - 2018-11-01 01:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 13:03 - 2018-11-01 01:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 13:03 - 2018-11-01 01:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 13:03 - 2018-11-01 01:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 13:03 - 2018-11-01 01:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 13:03 - 2018-11-01 01:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 13:03 - 2018-11-01 00:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 13:03 - 2018-11-01 00:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-31 23:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 13:03 - 2018-10-31 23:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 13:03 - 2018-10-31 22:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 13:03 - 2018-10-31 22:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 13:03 - 2018-10-31 22:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 13:03 - 2018-10-31 22:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 13:03 - 2018-10-21 06:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 13:03 - 2018-10-21 06:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 13:03 - 2018-10-21 06:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 13:03 - 2018-10-21 06:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 05:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 13:03 - 2018-10-21 03:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 02:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 01:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 13:03 - 2018-10-21 01:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 13:03 - 2018-10-21 01:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 13:03 - 2018-10-21 01:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 13:03 - 2018-10-21 01:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 13:03 - 2018-10-21 01:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 13:03 - 2018-10-21 01:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 13:03 - 2018-10-21 00:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 00:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 13:03 - 2018-04-27 22:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-09 14:33 - 2015-11-23 15:23 - 000000000 ____D C:\FRST
2018-12-09 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-09 14:15 - 2017-06-10 15:16 - 000000000 ____D C:\Users\kebli\Desktop\Pics Jun10 2017
2018-12-09 14:11 - 2015-10-30 21:50 - 000000000 ____D C:\Users\kebli\AppData\Local\VirtualStore
2018-12-09 13:38 - 2018-08-02 22:59 - 000000000 ____D C:\Users\kebli\AppData\Local\AVAST Software
2018-12-09 13:35 - 2015-11-01 00:26 - 000002217 _____ C:\Users\kebli\Desktop\ScreenHunter 6.0 Free.lnk
2018-12-09 13:34 - 2018-08-04 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-09 13:34 - 2015-10-30 21:50 - 000000000 __SHD C:\Users\kebli\IntelGraphicsProfiles
2018-12-09 13:33 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-12-09 13:30 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-09 13:11 - 2018-08-04 01:20 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-09 13:11 - 2018-08-04 01:20 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-12-09 13:11 - 2018-08-04 01:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-09 13:11 - 2018-08-04 01:20 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E32CCF5-6C3B-4761-B98F-5E7BA2CFD104}
2018-12-09 13:11 - 2018-08-04 01:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-09 13:11 - 2018-08-04 01:20 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-12-09 13:11 - 2018-08-04 01:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-09 13:11 - 2018-08-04 01:20 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4169369895-2292233020-3573544003-1001
2018-12-09 13:11 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-12-09 13:11 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-12-09 13:11 - 2018-08-04 01:20 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-09 13:11 - 2018-08-04 01:20 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2018-12-09 13:11 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-09 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-09 11:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-08 22:49 - 2018-08-04 00:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-08 12:28 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-08 11:33 - 2018-09-10 00:22 - 000000000 ____D C:\Users\kebli\AppData\Local\CrashDumps
2018-12-08 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-07 19:31 - 2018-08-04 01:20 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-07 13:48 - 2017-09-29 05:23 - 000000000 ____D C:\Program Files\rempl
2018-12-06 14:12 - 2018-01-16 06:02 - 000000000 ____D C:\Users\kebli\AppData\Local\Packages
2018-12-06 13:12 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-06 01:36 - 2018-08-04 01:09 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-06 01:26 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-12-06 01:26 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-06 01:25 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-06 01:23 - 2015-10-30 00:28 - 000000000 ____D C:\Users\Default.migrated
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-05 02:01 - 2017-11-21 18:28 - 000000000 ____D C:\Users\kebli\Desktop\New folder
2018-12-04 17:18 - 2015-10-31 13:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-03 11:55 - 2018-08-04 00:56 - 000002369 _____ C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 11:55 - 2015-10-30 21:54 - 000000000 ___RD C:\Users\kebli\OneDrive
2018-11-30 22:01 - 2018-10-09 16:53 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-30 22:01 - 2018-10-09 16:53 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 13:01 - 2015-12-05 22:50 - 000000000 ____D C:\Program Files\CCleaner
2018-11-26 08:16 - 2018-06-10 20:45 - 000239840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-11-23 21:44 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-23 21:43 - 2018-10-23 18:10 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-11-22 20:35 - 2018-09-08 11:15 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-14 17:45 - 2015-12-13 14:19 - 000000000 ___RD C:\Users\kebli\3D Objects
2018-11-14 17:45 - 2015-09-18 06:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 13:01 - 2015-10-31 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 13:00 - 2015-10-31 00:04 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-11-02 19:34 - 2015-11-02 19:34 - 000007679 _____ () C:\Users\kebli\AppData\Local\Resmon.ResmonCfg
2018-04-29 00:09 - 2018-04-29 00:09 - 000000000 _____ () C:\Users\kebli\AppData\Local\{062078D9-1EAA-4A27-95D5-40AB4E70E42C}
 
Some files in TEMP:
====================
2018-12-09 14:25 - 2018-12-09 14:25 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\kebli\AppData\Local\Temp\procexp64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-04 00:49
 
==================== End of FRST.txt ============================
 
 
Addition.txt:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by kebli (09-12-2018 14:34:06)
Running from C:\Users\kebli\Desktop\malwarefight
Windows 10 Home Version 1803 17134.407 (X64) (2018-08-04 07:22:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4169369895-2292233020-3573544003-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4169369895-2292233020-3573544003-503 - Limited - Disabled)
Guest (S-1-5-21-4169369895-2292233020-3573544003-501 - Limited - Disabled)
kebli (S-1-5-21-4169369895-2292233020-3573544003-1001 - Administrator - Enabled) => C:\Users\kebli
WDAGUtilityAccount (S-1-5-21-4169369895-2292233020-3573544003-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{0C38D1A4-B2FC-9703-654C-C3CEDE4DD225}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9D9CC4B0-405C-95D6-85B4-B3E4DED01E79}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{788D0DCB-713D-0D8B-F9E5-309796862274}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED6D0FE7-E572-056E-E087-927C61F2F973}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{15C29BF4-9899-2B62-BE66-A057FC05C852}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{56579888-062A-6054-F513-5958047648F9}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{06EEBF74-32C6-55E5-79A2-E0FA28ADC5CA}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{1A8158BF-DCAA-2D9B-E8CB-F252678A1557}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D1529DEC-48D9-4F14-F042-2011314AABC7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD4CE883-EDD3-984B-CFAE-B9E190018BFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3067917D-AC97-570E-0049-68C6A15D5019}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D3E58012-AA11-3DA3-25CA-3CA7608A59CB}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EBC01D33-F6E9-E89D-E263-8FB9779150A5}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{FB9B68B2-E77D-C0AE-5756-71C8E08281C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D1A67704-6B9D-25E8-5E72-F240BB3346E8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{498599FF-B5B8-A5FB-54EC-4247CD0B7FFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{2B59B1BD-9332-9BB4-4248-742DFEC3246B}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{35B691C1-B888-FF22-E681-AA8436C4A616}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{5C4BCFAC-2BE2-90FB-5A6A-36F0BEF43995}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3E3AFE36-070E-CCA8-0B43-84A62BC019B7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E170E54E-94CD-6F2E-6D79-E2DDEEBFD8C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{3D1987D7-5A88-4DDA-9D29-6977AE2BDBD0}) (Version: 5.5.316.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM-x32\...\{3475c0cd-7dee-4863-ac1d-57cb530ee125}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{95145542-659F-1C89-B424-518BBC7F7556}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
System Requirements Lab Detection (HKLM-x32\...\{4610FE53-898B-43AE-9F05-6262FB165BFF}) (Version: 6.1.6.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000B1C89-7735-4CCD-BA1D-66EE33C841DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {0176B90D-7670-48E5-B03F-EC2404C53E1B} - System32\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0C21F844-69B2-4064-8B4B-43EA2771B535} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {14F0A37B-4697-4FF4-B1E8-E3BF48519126} - System32\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4B5E2BD5-AAF9-4DC6-8E7D-70C3F8A9780A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {58A89388-FA2B-415E-B94D-4FDF62D4EDC4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {5EB2329D-A9AC-47A9-8B12-FBB089041235} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7AB9AF15-DDD2-42A5-9081-81F209F0F841} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {7CAF98D8-D452-4F00-A057-C4277ED4B3C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {81D84FBA-E575-497A-924B-6C521478A2AC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-08] (AVAST Software)
Task: {875F5410-5C87-45CE-83DB-1F20D4F543D4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-11-01] (AVAST Software)
Task: {8AA65B27-46A5-4A8D-A718-4996ADE6236A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {9D89E7D5-A194-4FE5-BDBA-2440FB4CDCC8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A3ABC667-4B93-439F-A425-87FF506C71D9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {A7A795F2-6109-480E-8441-8CAE52FE62AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {BF2724D9-F313-44E7-AE51-86251CC2F52F} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {C0A1125D-9966-4758-B2B4-6DB986483CBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {C0CB6929-A415-4B65-995E-3179DC9B4FA6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {D3526ADC-380F-4689-B5D5-D0859365B6A7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {DB740AE1-0B55-4318-B667-0F4B5EE68F79} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ECC12274-BB53-4C38-8716-9D7A8EF92C4C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-07-08] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP O8A2EKO
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP O8A2EKO
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-02 12:43 - 2018-08-02 12:44 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-12-06 14:09 - 2018-12-06 14:20 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-06 14:09 - 2018-12-06 14:20 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-15 17:47 - 2018-10-15 17:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-06 14:09 - 2018-12-06 14:11 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-06 14:09 - 2018-12-06 14:13 - 010885632 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-06 14:09 - 2018-12-06 14:20 - 002850816 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-06 14:09 - 2018-12-06 14:16 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-26 13:40 - 2018-10-26 13:43 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-26 13:40 - 2018-10-26 13:42 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-26 13:40 - 2018-10-26 13:41 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:09 - 2017-09-27 01:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-26 13:40 - 2018-10-26 13:42 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-11-28 10:11 - 2018-11-28 10:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\libglesv2.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\libegl.dll
2015-09-18 05:08 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2018-08-02 11:37 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2018-03-25 21:49 - 2018-03-25 21:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 21:43 - 2018-11-23 21:43 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-25 15:29 - 2014-09-05 10:55 - 000132808 _____ () C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2018-12-06 01:34 - 000000908 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\60026.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6B1A5332-A410-46F7-994D-677207100D5B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{E6A9D94A-8D1B-43F2-B49D-72E241F7FE63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1A2BC681-080C-4C2A-8FAB-126EEEBEDBA7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4A2DB286-62AF-4F6B-84A6-F65F7DBBAD66}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{029F1ADF-BFDA-47A4-BA8E-21F09A6DAFD9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{B5B4CDFB-75CE-49A9-8803-FC52EA41D3F6}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{9B12F191-6A81-41BC-9176-D8CC1BEA4F9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6426F3C1-7131-4E45-ACFC-80BF99EAA8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F74A86C-70F4-4EA7-A37C-5AD3921A2D6E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C15CB803-5944-48CF-9B35-FCFC9BFFF32B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{693D2FE8-55BD-4A44-A766-CA1B09E72BFA}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{9F08464B-CAC7-4891-B3A4-2A7C01A5BE34}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{55784381-C8D3-4836-AB26-AB1BA0C5ACE0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{91BEEA0E-5551-4655-951A-955EF242E5A0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BB8A871C-2BE8-42C4-8887-096CBCE5890F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1280E18B-404C-4118-AAA2-F4BEB5A0426D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-11-2018 17:43:19 Scheduled Checkpoint
30-11-2018 14:21:10 Scheduled Checkpoint
07-12-2018 13:47:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2018 01:33:29 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (12/09/2018 01:46:14 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (12/08/2018 10:19:47 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (12/08/2018 10:19:47 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (12/08/2018 09:34:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (12/08/2018 09:34:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (12/08/2018 12:12:07 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (12/08/2018 12:10:58 PM) (Source: ATIeRecord) (EventID: 16390) (User: )
Description: ATI EEU waiting for an event has failed
 
 
System errors:
=============
Error: (12/09/2018 01:44:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:38:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:37:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:36:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:34:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:34:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 01:19:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2018 11:35:58 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-09-13 23:06:17.908
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:17.873
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.102
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.072
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.033
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:16.001
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:14.770
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-09-13 23:06:14.646
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 16275.82 MB
Available physical RAM: 11811.21 MB
Total Virtual: 18707.82 MB
Available Virtual: 14431.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1848.78 GB) (Free:1742.84 GB) NTFS
 
\\?\Volume{917e8194-70b2-42bd-bd7c-b170ba134d78}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
\\?\Volume{79049588-dba9-4c83-be42-a01776ed46db}\ (Image) (Fixed) (Total:12.78 GB) (Free:0.92 GB) NTFS
\\?\Volume{67692ed4-4711-4932-9712-3240e2999db2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 61408B0D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
 

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   304bytes   6 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

You may need a newer version of your AMD or Catalyst software.

https://www.amd.com/...faq/ccc-install


  • 0

#9
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hello RKinner. Thanks for your reply and for your time.

 

I downloaded the fixlist. I ran FRST and I pressed Fix.

FRST rebooted my laptop.

 

Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by kebli (10-12-2018 13:29:46) Run:1
Running from C:\Users\kebli\Desktop
Loaded Profiles: kebli (Available Profiles: kebli)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
*****************
 
Could not move "C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol" => Scheduled to move on reboot.
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-12-2018 13:33:41)
 
C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol => Is moved successfully
 
==== End of Fixlog 13:33:41 ====
 
 
I ran FRST again, as before. 
 
Here is the FRST log:
 
Ran by kebli (administrator) on DESKTOP-O8A2EKO (10-12-2018 13:38:51)
Running from C:\Users\kebli\Desktop
Loaded Profiles: kebli (Available Profiles: kebli)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5786576 2015-06-24] (Dell Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629480 2016-06-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\cmslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcctrayapp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\deliverytray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dell help & support.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\delluptray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2mtranscoder.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\isoviewer8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdr12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\power2go8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerdvd12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\productregistration.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rtkngui64.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\smartbytediagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\supportassistinstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-08-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{cbdb64e4-631a-4bcb-bfd3-3b89faa0d84a}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
 
FireFox:
========
FF DefaultProfile: bs6lengf.default
FF ProfilePath: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default [2018-12-10]
FF Homepage: Mozilla\Firefox\Profiles\bs6lengf.default -> |hxxps://www.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-04-14]
FF Extension: (Avast Online Security) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-08-02]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\searchplugins\McSiteAdvisor.xml [2018-03-05]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\kebli\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kebli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default [2018-12-10]
CHR Extension: (Slides) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-11-16]
CHR Extension: (Sheets) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Supernova) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
CHR Extension: (Yahoo Partner) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2018-06-07]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2018-11-26]
CHR Extension: (WeatherBug) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06]
CHR HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-23] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-11-01] (AVAST Software)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
U2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-16] (PC-Doctor, Inc.)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe [443872 2018-11-30] (Google Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S4 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
S4 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-02] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-10 13:38 - 2018-12-10 13:40 - 000022889 _____ C:\Users\kebli\Desktop\FRST.txt
2018-12-10 13:29 - 2018-12-10 13:33 - 000001335 _____ C:\Users\kebli\Desktop\Fixlog.txt
2018-12-09 14:48 - 2018-12-09 14:48 - 000069012 _____ C:\Users\kebli\Desktop\FRST2.txt
2018-12-09 14:48 - 2018-12-09 14:48 - 000043064 _____ C:\Users\kebli\Desktop\Addition2.txt
2018-12-09 14:25 - 2018-12-09 14:25 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-12-09 14:18 - 2018-12-09 14:21 - 000015271 _____ C:\VEW.txt
2018-12-09 13:04 - 2018-12-09 13:05 - 000000000 ____D C:\Users\kebli\AppData\Local\D3DSCache
2018-12-08 12:11 - 2018-12-08 12:12 - 000277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-05 19:17 - 2018-12-10 13:28 - 000000000 ____D C:\Users\kebli\Desktop\malwarefight
2018-12-05 18:04 - 2018-12-09 14:23 - 002417152 _____ (Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
2018-11-23 21:44 - 2018-11-23 21:43 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-13 13:04 - 2018-11-01 05:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 13:04 - 2018-11-01 03:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 13:04 - 2018-11-01 03:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 13:04 - 2018-11-01 01:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-11-01 01:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 13:04 - 2018-11-01 01:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 13:04 - 2018-10-31 22:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-10-31 22:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 13:04 - 2018-10-21 07:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 13:03 - 2018-11-01 05:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 13:03 - 2018-11-01 05:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 13:03 - 2018-11-01 05:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 13:03 - 2018-11-01 05:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 13:03 - 2018-11-01 05:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 13:03 - 2018-11-01 05:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 13:03 - 2018-11-01 05:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 05:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 05:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 05:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 13:03 - 2018-11-01 04:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 13:03 - 2018-11-01 03:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 13:03 - 2018-11-01 03:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 03:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 03:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 03:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 01:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 13:03 - 2018-11-01 01:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 13:03 - 2018-11-01 01:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 13:03 - 2018-11-01 01:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 13:03 - 2018-11-01 01:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 13:03 - 2018-11-01 01:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 13:03 - 2018-11-01 01:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 13:03 - 2018-11-01 01:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 13:03 - 2018-11-01 01:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 13:03 - 2018-11-01 00:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 13:03 - 2018-11-01 00:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-31 23:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 13:03 - 2018-10-31 23:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 13:03 - 2018-10-31 22:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 13:03 - 2018-10-31 22:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 13:03 - 2018-10-31 22:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 13:03 - 2018-10-31 22:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 13:03 - 2018-10-21 06:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 13:03 - 2018-10-21 06:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 13:03 - 2018-10-21 06:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 13:03 - 2018-10-21 06:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 05:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 13:03 - 2018-10-21 03:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 02:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 01:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 13:03 - 2018-10-21 01:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 13:03 - 2018-10-21 01:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 13:03 - 2018-10-21 01:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 13:03 - 2018-10-21 01:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 13:03 - 2018-10-21 01:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 13:03 - 2018-10-21 01:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 13:03 - 2018-10-21 00:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 00:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 13:03 - 2018-04-27 22:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-10 13:38 - 2015-11-23 15:23 - 000000000 ____D C:\FRST
2018-12-10 13:36 - 2018-08-02 22:59 - 000000000 ____D C:\Users\kebli\AppData\Local\AVAST Software
2018-12-10 13:34 - 2015-10-30 21:52 - 000000000 ____D C:\Users\kebli\AppData\Local\Comms
2018-12-10 13:33 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-10 13:33 - 2015-10-30 21:50 - 000000000 __SHD C:\Users\kebli\IntelGraphicsProfiles
2018-12-10 13:32 - 2018-08-04 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-10 13:31 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-12-10 13:24 - 2018-08-04 01:20 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-10 13:24 - 2018-08-04 01:20 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-12-10 13:24 - 2018-08-04 01:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-10 13:24 - 2018-08-04 01:20 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E32CCF5-6C3B-4761-B98F-5E7BA2CFD104}
2018-12-10 13:24 - 2018-08-04 01:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-10 13:24 - 2018-08-04 01:20 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-12-10 13:24 - 2018-08-04 01:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-10 13:24 - 2018-08-04 01:20 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4169369895-2292233020-3573544003-1001
2018-12-10 13:24 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-12-10 13:24 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-12-10 13:24 - 2018-08-04 01:20 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-10 13:24 - 2018-08-04 01:20 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2018-12-10 13:24 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-10 12:39 - 2018-08-04 00:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-10 11:25 - 2017-06-10 15:16 - 000000000 ____D C:\Users\kebli\Desktop\Pics Jun10 2017
2018-12-10 10:58 - 2015-11-01 00:26 - 000002217 _____ C:\Users\kebli\Desktop\ScreenHunter 6.0 Free.lnk
2018-12-10 00:59 - 2017-11-21 18:28 - 000000000 ____D C:\Users\kebli\Desktop\New folder
2018-12-09 14:11 - 2015-10-30 21:50 - 000000000 ____D C:\Users\kebli\AppData\Local\VirtualStore
2018-12-09 13:30 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-09 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-09 11:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-08 12:28 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-08 11:33 - 2018-09-10 00:22 - 000000000 ____D C:\Users\kebli\AppData\Local\CrashDumps
2018-12-08 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-07 19:31 - 2018-08-04 01:20 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-07 13:48 - 2017-09-29 05:23 - 000000000 ____D C:\Program Files\rempl
2018-12-06 14:12 - 2018-01-16 06:02 - 000000000 ____D C:\Users\kebli\AppData\Local\Packages
2018-12-06 13:12 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-06 01:36 - 2018-08-04 01:09 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-06 01:26 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-12-06 01:26 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-06 01:25 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-06 01:23 - 2015-10-30 00:28 - 000000000 ____D C:\Users\Default.migrated
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 17:18 - 2015-10-31 13:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-03 11:55 - 2018-08-04 00:56 - 000002369 _____ C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 11:55 - 2015-10-30 21:54 - 000000000 ___RD C:\Users\kebli\OneDrive
2018-11-30 22:01 - 2018-10-09 16:53 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-30 22:01 - 2018-10-09 16:53 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 13:01 - 2015-12-05 22:50 - 000000000 ____D C:\Program Files\CCleaner
2018-11-26 08:16 - 2018-06-10 20:45 - 000239840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-11-23 21:44 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-23 21:43 - 2018-10-23 18:10 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-11-22 20:35 - 2018-09-08 11:15 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-14 17:45 - 2015-12-13 14:19 - 000000000 ___RD C:\Users\kebli\3D Objects
2018-11-14 17:45 - 2015-09-18 06:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 13:01 - 2015-10-31 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 13:00 - 2015-10-31 00:04 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-11-02 19:34 - 2015-11-02 19:34 - 000007679 _____ () C:\Users\kebli\AppData\Local\Resmon.ResmonCfg
2018-04-29 00:09 - 2018-04-29 00:09 - 000000000 _____ () C:\Users\kebli\AppData\Local\{062078D9-1EAA-4A27-95D5-40AB4E70E42C}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-04 00:49
 
==================== End of FRST.txt ============================
 
 
 
 
 
Here is the Addition log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by kebli (10-12-2018 13:41:43)
Running from C:\Users\kebli\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-08-04 07:22:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4169369895-2292233020-3573544003-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4169369895-2292233020-3573544003-503 - Limited - Disabled)
Guest (S-1-5-21-4169369895-2292233020-3573544003-501 - Limited - Disabled)
kebli (S-1-5-21-4169369895-2292233020-3573544003-1001 - Administrator - Enabled) => C:\Users\kebli
WDAGUtilityAccount (S-1-5-21-4169369895-2292233020-3573544003-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{0C38D1A4-B2FC-9703-654C-C3CEDE4DD225}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9D9CC4B0-405C-95D6-85B4-B3E4DED01E79}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{788D0DCB-713D-0D8B-F9E5-309796862274}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED6D0FE7-E572-056E-E087-927C61F2F973}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{15C29BF4-9899-2B62-BE66-A057FC05C852}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{56579888-062A-6054-F513-5958047648F9}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{06EEBF74-32C6-55E5-79A2-E0FA28ADC5CA}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{1A8158BF-DCAA-2D9B-E8CB-F252678A1557}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D1529DEC-48D9-4F14-F042-2011314AABC7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD4CE883-EDD3-984B-CFAE-B9E190018BFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3067917D-AC97-570E-0049-68C6A15D5019}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D3E58012-AA11-3DA3-25CA-3CA7608A59CB}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EBC01D33-F6E9-E89D-E263-8FB9779150A5}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{FB9B68B2-E77D-C0AE-5756-71C8E08281C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D1A67704-6B9D-25E8-5E72-F240BB3346E8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{498599FF-B5B8-A5FB-54EC-4247CD0B7FFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{2B59B1BD-9332-9BB4-4248-742DFEC3246B}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{35B691C1-B888-FF22-E681-AA8436C4A616}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{5C4BCFAC-2BE2-90FB-5A6A-36F0BEF43995}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3E3AFE36-070E-CCA8-0B43-84A62BC019B7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E170E54E-94CD-6F2E-6D79-E2DDEEBFD8C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{3D1987D7-5A88-4DDA-9D29-6977AE2BDBD0}) (Version: 5.5.316.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM-x32\...\{3475c0cd-7dee-4863-ac1d-57cb530ee125}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{95145542-659F-1C89-B424-518BBC7F7556}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
System Requirements Lab Detection (HKLM-x32\...\{4610FE53-898B-43AE-9F05-6262FB165BFF}) (Version: 6.1.6.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000B1C89-7735-4CCD-BA1D-66EE33C841DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {0176B90D-7670-48E5-B03F-EC2404C53E1B} - System32\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0C21F844-69B2-4064-8B4B-43EA2771B535} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {14F0A37B-4697-4FF4-B1E8-E3BF48519126} - System32\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4B5E2BD5-AAF9-4DC6-8E7D-70C3F8A9780A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {58A89388-FA2B-415E-B94D-4FDF62D4EDC4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {5EB2329D-A9AC-47A9-8B12-FBB089041235} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7AB9AF15-DDD2-42A5-9081-81F209F0F841} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {7CAF98D8-D452-4F00-A057-C4277ED4B3C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {81D84FBA-E575-497A-924B-6C521478A2AC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-08] (AVAST Software)
Task: {875F5410-5C87-45CE-83DB-1F20D4F543D4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-11-01] (AVAST Software)
Task: {8AA65B27-46A5-4A8D-A718-4996ADE6236A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {9D89E7D5-A194-4FE5-BDBA-2440FB4CDCC8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A3ABC667-4B93-439F-A425-87FF506C71D9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {A7A795F2-6109-480E-8441-8CAE52FE62AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {BF2724D9-F313-44E7-AE51-86251CC2F52F} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {C0A1125D-9966-4758-B2B4-6DB986483CBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {C0CB6929-A415-4B65-995E-3179DC9B4FA6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {D3526ADC-380F-4689-B5D5-D0859365B6A7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {DB740AE1-0B55-4318-B667-0F4B5EE68F79} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ECC12274-BB53-4C38-8716-9D7A8EF92C4C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-07-08] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP O8A2EKO
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP O8A2EKO
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-01 15:03 - 2018-10-01 15:03 - 002959872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-10-01 15:03 - 2018-10-01 15:03 - 000119808 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2018-10-01 15:03 - 2018-10-01 15:03 - 009026560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2018-08-02 12:43 - 2018-08-02 12:44 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-09 09:42 - 2018-10-09 09:42 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-08-04 03:40 - 2018-08-04 03:40 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-08-04 03:40 - 2018-08-04 03:40 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-11-05 23:24 - 2018-11-05 23:24 - 000070144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-11-05 23:24 - 2018-11-05 23:24 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-10-15 17:47 - 2018-10-15 17:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-06 14:09 - 2018-12-06 14:11 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-06 14:09 - 2018-12-06 14:20 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-26 13:40 - 2018-10-26 13:43 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-26 13:40 - 2018-10-26 13:42 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-26 13:40 - 2018-10-26 13:41 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:09 - 2017-09-27 01:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-26 13:40 - 2018-10-26 13:42 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2015-05-29 17:12 - 2015-05-29 17:12 - 000505200 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2018-11-28 10:11 - 2018-11-28 10:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\swiftshader\libglesv2.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\swiftshader\libegl.dll
2018-08-02 11:37 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2015-09-18 05:08 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2018-03-25 21:49 - 2018-03-25 21:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 21:43 - 2018-11-23 21:43 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2018-12-06 01:34 - 000000908 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\20788.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6B1A5332-A410-46F7-994D-677207100D5B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{E6A9D94A-8D1B-43F2-B49D-72E241F7FE63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1A2BC681-080C-4C2A-8FAB-126EEEBEDBA7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4A2DB286-62AF-4F6B-84A6-F65F7DBBAD66}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{029F1ADF-BFDA-47A4-BA8E-21F09A6DAFD9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{B5B4CDFB-75CE-49A9-8803-FC52EA41D3F6}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{9B12F191-6A81-41BC-9176-D8CC1BEA4F9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6426F3C1-7131-4E45-ACFC-80BF99EAA8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F74A86C-70F4-4EA7-A37C-5AD3921A2D6E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C15CB803-5944-48CF-9B35-FCFC9BFFF32B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{693D2FE8-55BD-4A44-A766-CA1B09E72BFA}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{9F08464B-CAC7-4891-B3A4-2A7C01A5BE34}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{55784381-C8D3-4836-AB26-AB1BA0C5ACE0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{91BEEA0E-5551-4655-951A-955EF242E5A0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BB8A871C-2BE8-42C4-8887-096CBCE5890F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1280E18B-404C-4118-AAA2-F4BEB5A0426D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-11-2018 17:43:19 Scheduled Checkpoint
30-11-2018 14:21:10 Scheduled Checkpoint
07-12-2018 13:47:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2018 01:34:13 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8628,U,98) Unistore: Database recovery/restore failed with unexpected error -1216.
 
Error: (12/10/2018 01:34:13 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (8628,U,98) Unistore: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
 
System errors:
=============
Error: (12/10/2018 01:42:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 01:37:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (12/10/2018 01:37:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 01:36:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 01:36:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 01:34:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\kebli SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 01:34:27 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O8A2EKO)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 as Unavailable/Unavailable. The error:
"298"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
 
Error: (12/10/2018 01:33:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16275.82 MB
Available physical RAM: 13176.74 MB
Total Virtual: 18707.82 MB
Available Virtual: 15743.58 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1848.78 GB) (Free:1742.34 GB) NTFS
 
\\?\Volume{917e8194-70b2-42bd-bd7c-b170ba134d78}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
\\?\Volume{79049588-dba9-4c83-be42-a01776ed46db}\ (Image) (Fixed) (Total:12.78 GB) (Free:0.92 GB) NTFS
\\?\Volume{67692ed4-4711-4932-9712-3240e2999db2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 61408B0D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
I am looking over the AMD or Catalyst software page you listed above.
 
 
 
 
 
 

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

Open an Elevated Command Prompt:

http://www.howtogeek...-in-windows-10/
 

 

Type:

net  user  administrator  /active:yes

Hit Enter

 

1. Log off from your account then log in as a built-in Administrator.

2. Open Elevated Command Prompt (Admin), type: 

esentutl  /p  C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol  /g

Hit Enter.

 

3. This will run integrity check and then (if error found) will run repair.

If it completes OK good.  If not report the error.

4.  Sign off from built-in admin, sign in to your account to check the result.

 

Reboot and rerun FRST scan with Addition.txt checked.


  • 0

Advertisements


#11
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thanks for your reply, RKinner. I hope you are having a nice day.

 

Here are the FRST and Addition logs:

 

 

FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by KBen (administrator) on DESKTOP-O8A2EKO (10-12-2018 17:45:18)
Running from C:\Users\kebli\Desktop
Loaded Profiles: KBen (Available Profiles: KBen)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\AvBugReport.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5786576 2015-06-24] (Dell Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6629480 2016-06-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\cmslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcctrayapp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\deliverytray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dell help & support.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\delluptray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2minstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\g2mtranscoder.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\isoviewer8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdr12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\power2go8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerdvd12.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\productregistration.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rtkngui64.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\smartbytediagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\supportassistinstaller.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-08-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{cbdb64e4-631a-4bcb-bfd3-3b89faa0d84a}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
 
FireFox:
========
FF DefaultProfile: bs6lengf.default
FF ProfilePath: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default [2018-12-10]
FF Homepage: Mozilla\Firefox\Profiles\bs6lengf.default -> |hxxps://www.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-04-14]
FF Extension: (Avast Online Security) - C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\Extensions\[email protected] [2018-08-02]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\kebli\AppData\Roaming\Mozilla\Firefox\Profiles\bs6lengf.default\searchplugins\McSiteAdvisor.xml [2018-03-05]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @citrixonline.com/appdetectorplugin -> C:\Users\kebli\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-4169369895-2292233020-3573544003-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kebli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://tekrepublik7.net/newforum/index.php?topic=81.0","hxxp://www.copyblogger.com/content-marketing-codex/","hxxps://plus.google.com/u/0/communities/104474428845467390263","hxxps://apps.facebook.com/battlepirates/","hxxp://scienceweather.invisionzone.com/"
CHR Profile: C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default [2018-12-10]
CHR Extension: (Slides) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2018-12-10]
CHR Extension: (Google Search) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-11-16]
CHR Extension: (Sheets) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Supernova) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
CHR Extension: (Yahoo Partner) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2018-06-07]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2018-11-26]
CHR Extension: (Instapaper) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2018-12-10]
CHR Extension: (WeatherBug) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\kebli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06]
CHR HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-08] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-23] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-11-01] (AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-16] (PC-Doctor, Inc.)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe [443872 2018-11-30] (Google Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S4 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
S4 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-02] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-10 17:45 - 2018-12-10 17:46 - 000023672 _____ C:\Users\kebli\Desktop\FRST.txt
2018-12-10 17:40 - 2018-12-10 17:40 - 000000000 ____D C:\Users\kebli\AppData\Roaming\Google
2018-12-10 17:28 - 2018-12-10 17:29 - 000078842 _____ C:\WINDOWS\system32\store.INTEG.RAW
2018-12-09 14:25 - 2018-12-09 14:25 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-12-09 14:18 - 2018-12-09 14:21 - 000015271 _____ C:\VEW.txt
2018-12-09 13:04 - 2018-12-09 13:05 - 000000000 ____D C:\Users\kebli\AppData\Local\D3DSCache
2018-12-08 12:11 - 2018-12-08 12:12 - 000277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-05 19:17 - 2018-12-10 17:44 - 000000000 ____D C:\Users\kebli\Desktop\malwarefight
2018-12-05 18:04 - 2018-12-09 14:23 - 002417152 _____ (Farbar) C:\Users\kebli\Desktop\FRST64 (1).exe
2018-11-23 21:44 - 2018-11-23 21:43 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-13 13:04 - 2018-11-01 05:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 13:04 - 2018-11-01 03:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 13:04 - 2018-11-01 03:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 13:04 - 2018-11-01 01:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-11-01 01:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 13:04 - 2018-11-01 01:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 13:04 - 2018-10-31 22:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 13:04 - 2018-10-31 22:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 13:04 - 2018-10-21 07:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 13:03 - 2018-11-01 05:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 13:03 - 2018-11-01 05:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 13:03 - 2018-11-01 05:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 13:03 - 2018-11-01 05:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 13:03 - 2018-11-01 05:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 13:03 - 2018-11-01 05:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 13:03 - 2018-11-01 05:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 13:03 - 2018-11-01 05:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 13:03 - 2018-11-01 05:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 05:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 05:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 05:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 13:03 - 2018-11-01 05:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 05:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 13:03 - 2018-11-01 04:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 13:03 - 2018-11-01 03:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 13:03 - 2018-11-01 03:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 13:03 - 2018-11-01 03:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 13:03 - 2018-11-01 03:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 13:03 - 2018-11-01 03:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 13:03 - 2018-11-01 03:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 13:03 - 2018-11-01 01:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 13:03 - 2018-11-01 01:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 13:03 - 2018-11-01 01:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 13:03 - 2018-11-01 01:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 13:03 - 2018-11-01 01:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 13:03 - 2018-11-01 01:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 13:03 - 2018-11-01 01:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 13:03 - 2018-11-01 01:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 13:03 - 2018-11-01 01:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 13:03 - 2018-11-01 01:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 13:03 - 2018-11-01 01:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 13:03 - 2018-11-01 01:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 13:03 - 2018-11-01 01:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 13:03 - 2018-11-01 01:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 13:03 - 2018-11-01 01:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 13:03 - 2018-11-01 01:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 13:03 - 2018-11-01 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 13:03 - 2018-11-01 01:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 13:03 - 2018-11-01 01:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 13:03 - 2018-11-01 00:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 13:03 - 2018-11-01 00:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 13:03 - 2018-11-01 00:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 13:03 - 2018-11-01 00:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 13:03 - 2018-11-01 00:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 13:03 - 2018-11-01 00:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 13:03 - 2018-11-01 00:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 13:03 - 2018-11-01 00:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-31 23:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 13:03 - 2018-10-31 23:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 13:03 - 2018-10-31 22:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 13:03 - 2018-10-31 22:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 13:03 - 2018-10-31 22:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 13:03 - 2018-10-31 22:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 13:03 - 2018-10-31 22:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 13:03 - 2018-10-31 22:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 13:03 - 2018-10-31 22:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 13:03 - 2018-10-31 22:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 13:03 - 2018-10-31 22:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 13:03 - 2018-10-31 22:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 13:03 - 2018-10-31 22:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 13:03 - 2018-10-31 22:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 13:03 - 2018-10-31 22:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 13:03 - 2018-10-31 22:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 13:03 - 2018-10-21 07:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 07:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 06:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 13:03 - 2018-10-21 06:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 13:03 - 2018-10-21 06:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 13:03 - 2018-10-21 06:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 13:03 - 2018-10-21 06:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 13:03 - 2018-10-21 06:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 06:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 13:03 - 2018-10-21 06:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 13:03 - 2018-10-21 05:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 13:03 - 2018-10-21 05:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 13:03 - 2018-10-21 05:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 13:03 - 2018-10-21 05:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 13:03 - 2018-10-21 05:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 13:03 - 2018-10-21 05:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 13:03 - 2018-10-21 03:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 02:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 13:03 - 2018-10-21 01:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 13:03 - 2018-10-21 01:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 13:03 - 2018-10-21 01:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 13:03 - 2018-10-21 01:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 13:03 - 2018-10-21 01:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 13:03 - 2018-10-21 01:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 13:03 - 2018-10-21 01:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 13:03 - 2018-10-21 01:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 13:03 - 2018-10-21 01:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 13:03 - 2018-10-21 01:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 13:03 - 2018-10-21 01:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 13:03 - 2018-10-21 01:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 13:03 - 2018-10-21 01:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 13:03 - 2018-10-21 01:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 13:03 - 2018-10-21 01:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 13:03 - 2018-10-21 01:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 13:03 - 2018-10-21 01:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 13:03 - 2018-10-21 01:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 13:03 - 2018-10-21 01:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 13:03 - 2018-10-21 01:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 13:03 - 2018-10-21 01:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 13:03 - 2018-10-21 00:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 13:03 - 2018-10-21 00:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 13:03 - 2018-10-21 00:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 13:03 - 2018-10-20 23:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 13:03 - 2018-04-27 22:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-12-10 17:45 - 2015-11-23 15:23 - 000000000 ____D C:\FRST
2018-12-10 17:38 - 2017-06-10 15:16 - 000000000 ____D C:\Users\kebli\Desktop\Pics Jun10 2017
2018-12-10 17:38 - 2015-11-01 00:26 - 000002217 _____ C:\Users\kebli\Desktop\ScreenHunter 6.0 Free.lnk
2018-12-10 17:37 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-10 17:37 - 2016-11-19 03:58 - 000000000 ____D C:\Users\kebli\AppData\Local\ConnectedDevicesPlatform
2018-12-10 17:36 - 2018-08-04 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-10 17:35 - 2018-08-04 01:20 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-12-10 17:35 - 2018-08-04 01:20 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-12-10 17:35 - 2018-08-04 01:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-10 17:35 - 2018-08-04 01:20 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E32CCF5-6C3B-4761-B98F-5E7BA2CFD104}
2018-12-10 17:35 - 2018-08-04 01:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-10 17:35 - 2018-08-04 01:20 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-12-10 17:35 - 2018-08-04 01:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-12-10 17:35 - 2018-08-04 01:20 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4169369895-2292233020-3573544003-1001
2018-12-10 17:35 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-12-10 17:35 - 2018-08-04 01:20 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-12-10 17:35 - 2018-08-04 01:20 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-12-10 17:35 - 2018-08-04 01:20 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2018-12-10 17:35 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-10 17:35 - 2018-04-11 15:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-12-10 16:48 - 2018-09-10 00:22 - 000000000 ____D C:\Users\kebli\AppData\Local\CrashDumps
2018-12-10 15:38 - 2018-08-04 00:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-10 13:36 - 2018-08-02 22:59 - 000000000 ____D C:\Users\kebli\AppData\Local\AVAST Software
2018-12-10 13:34 - 2015-10-30 21:52 - 000000000 ____D C:\Users\kebli\AppData\Local\Comms
2018-12-10 13:33 - 2015-10-30 21:50 - 000000000 __SHD C:\Users\kebli\IntelGraphicsProfiles
2018-12-10 00:59 - 2017-11-21 18:28 - 000000000 ____D C:\Users\kebli\Desktop\New folder
2018-12-09 14:11 - 2015-10-30 21:50 - 000000000 ____D C:\Users\kebli\AppData\Local\VirtualStore
2018-12-09 13:30 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-09 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-09 11:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-08 12:28 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-08 11:33 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-07 19:31 - 2018-08-04 01:20 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-07 13:48 - 2017-09-29 05:23 - 000000000 ____D C:\Program Files\rempl
2018-12-06 14:12 - 2018-01-16 06:02 - 000000000 ____D C:\Users\kebli\AppData\Local\Packages
2018-12-06 13:12 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-06 01:36 - 2018-08-04 01:09 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-06 01:26 - 2018-08-04 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-12-06 01:26 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-06 01:25 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-06 01:23 - 2015-10-30 00:28 - 000000000 ____D C:\Users\Default.migrated
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 21:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 17:18 - 2015-10-31 13:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-03 11:55 - 2018-08-04 00:56 - 000002369 _____ C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 11:55 - 2015-10-30 21:54 - 000000000 ___RD C:\Users\kebli\OneDrive
2018-11-30 22:01 - 2018-10-09 16:53 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-30 22:01 - 2018-10-09 16:53 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 13:01 - 2015-12-05 22:50 - 000000000 ____D C:\Program Files\CCleaner
2018-11-26 08:16 - 2018-06-10 20:45 - 000239840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-11-23 21:44 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-23 21:43 - 2018-10-23 18:10 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-11-23 21:43 - 2018-03-25 21:49 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-11-22 20:35 - 2018-09-08 11:15 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-14 17:45 - 2015-12-13 14:19 - 000000000 ___RD C:\Users\kebli\3D Objects
2018-11-14 17:45 - 2015-09-18 06:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 17:36 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 13:01 - 2015-10-31 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 13:00 - 2015-10-31 00:04 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-11-02 19:34 - 2015-11-02 19:34 - 000007679 _____ () C:\Users\kebli\AppData\Local\Resmon.ResmonCfg
2018-04-29 00:09 - 2018-04-29 00:09 - 000000000 _____ () C:\Users\kebli\AppData\Local\{062078D9-1EAA-4A27-95D5-40AB4E70E42C}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-04 00:49
 
==================== End of FRST.txt ============================
 
 
 
 
 
And the Addition log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by KBen (10-12-2018 17:46:37)
Running from C:\Users\kebli\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-08-04 07:22:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4169369895-2292233020-3573544003-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4169369895-2292233020-3573544003-503 - Limited - Disabled)
Guest (S-1-5-21-4169369895-2292233020-3573544003-501 - Limited - Disabled)
KBen (S-1-5-21-4169369895-2292233020-3573544003-1001 - Administrator - Enabled) => C:\Users\kebli
KBenEbberly (S-1-5-21-4169369895-2292233020-3573544003-1006 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-4169369895-2292233020-3573544003-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{0C38D1A4-B2FC-9703-654C-C3CEDE4DD225}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{9D9CC4B0-405C-95D6-85B4-B3E4DED01E79}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{788D0DCB-713D-0D8B-F9E5-309796862274}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED6D0FE7-E572-056E-E087-927C61F2F973}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{15C29BF4-9899-2B62-BE66-A057FC05C852}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{56579888-062A-6054-F513-5958047648F9}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{06EEBF74-32C6-55E5-79A2-E0FA28ADC5CA}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{1A8158BF-DCAA-2D9B-E8CB-F252678A1557}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{D1529DEC-48D9-4F14-F042-2011314AABC7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD4CE883-EDD3-984B-CFAE-B9E190018BFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3067917D-AC97-570E-0049-68C6A15D5019}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D3E58012-AA11-3DA3-25CA-3CA7608A59CB}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EBC01D33-F6E9-E89D-E263-8FB9779150A5}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{FB9B68B2-E77D-C0AE-5756-71C8E08281C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{D1A67704-6B9D-25E8-5E72-F240BB3346E8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{498599FF-B5B8-A5FB-54EC-4247CD0B7FFD}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{2B59B1BD-9332-9BB4-4248-742DFEC3246B}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{35B691C1-B888-FF22-E681-AA8436C4A616}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{5C4BCFAC-2BE2-90FB-5A6A-36F0BEF43995}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3E3AFE36-070E-CCA8-0B43-84A62BC019B7}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E170E54E-94CD-6F2E-6D79-E2DDEEBFD8C8}) (Version: 2016.0616.2136.37049 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{4CB4741A-20C1-454E-8276-993D06A76D67}) (Version: 2.2.3.2 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{3D1987D7-5A88-4DDA-9D29-6977AE2BDBD0}) (Version: 5.5.316.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM-x32\...\{3475c0cd-7dee-4863-ac1d-57cb530ee125}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0D5E5C9A-84C2-D3E9-30EE-1836BA479E0E}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{95145542-659F-1C89-B424-518BBC7F7556}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.007 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
System Requirements Lab Detection (HKLM-x32\...\{4610FE53-898B-43AE-9F05-6262FB165BFF}) (Version: 6.1.6.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000B1C89-7735-4CCD-BA1D-66EE33C841DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {0176B90D-7670-48E5-B03F-EC2404C53E1B} - System32\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0C21F844-69B2-4064-8B4B-43EA2771B535} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {14F0A37B-4697-4FF4-B1E8-E3BF48519126} - System32\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001 => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4B5E2BD5-AAF9-4DC6-8E7D-70C3F8A9780A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {58A89388-FA2B-415E-B94D-4FDF62D4EDC4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {5EB2329D-A9AC-47A9-8B12-FBB089041235} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7AB9AF15-DDD2-42A5-9081-81F209F0F841} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {7CAF98D8-D452-4F00-A057-C4277ED4B3C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {81D84FBA-E575-497A-924B-6C521478A2AC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-08] (AVAST Software)
Task: {875F5410-5C87-45CE-83DB-1F20D4F543D4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-11-01] (AVAST Software)
Task: {8AA65B27-46A5-4A8D-A718-4996ADE6236A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {9D89E7D5-A194-4FE5-BDBA-2440FB4CDCC8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A3ABC667-4B93-439F-A425-87FF506C71D9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {A7A795F2-6109-480E-8441-8CAE52FE62AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {BF2724D9-F313-44E7-AE51-86251CC2F52F} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {C0A1125D-9966-4758-B2B4-6DB986483CBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {C0CB6929-A415-4B65-995E-3179DC9B4FA6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {D3526ADC-380F-4689-B5D5-D0859365B6A7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-08] (AVAST Software)
Task: {DB740AE1-0B55-4318-B667-0F4B5EE68F79} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ECC12274-BB53-4C38-8716-9D7A8EF92C4C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-07-08] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP O8A2EKO
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4169369895-2292233020-3573544003-1001.job => C:\Users\kebli\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP O8A2EKO
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\kebli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 13:03 - 2018-11-01 00:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-15 17:47 - 2018-10-15 17:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-06 14:09 - 2018-12-06 14:11 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-06 14:09 - 2018-12-06 14:20 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-08-02 12:43 - 2018-08-02 12:44 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-26 13:40 - 2018-10-26 13:43 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-26 13:40 - 2018-10-26 13:42 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-26 13:40 - 2018-10-26 13:41 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:09 - 2017-09-27 01:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-26 13:40 - 2018-10-26 13:42 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2015-05-29 17:12 - 2015-05-29 17:12 - 000505200 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2018-11-28 10:11 - 2018-11-28 10:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\swiftshader\libglesv2.dll
2018-12-04 17:18 - 2018-11-30 16:34 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\swiftshader\libegl.dll
2018-08-02 11:37 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2015-09-18 05:08 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 16:28 - 2014-12-08 16:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2018-03-25 21:49 - 2018-03-25 21:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 21:43 - 2018-11-23 21:43 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2018-12-06 01:34 - 000000908 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kebli\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\20788.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4169369895-2292233020-3573544003-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6B1A5332-A410-46F7-994D-677207100D5B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{E6A9D94A-8D1B-43F2-B49D-72E241F7FE63}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1A2BC681-080C-4C2A-8FAB-126EEEBEDBA7}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4A2DB286-62AF-4F6B-84A6-F65F7DBBAD66}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{029F1ADF-BFDA-47A4-BA8E-21F09A6DAFD9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{B5B4CDFB-75CE-49A9-8803-FC52EA41D3F6}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{9B12F191-6A81-41BC-9176-D8CC1BEA4F9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6426F3C1-7131-4E45-ACFC-80BF99EAA8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F74A86C-70F4-4EA7-A37C-5AD3921A2D6E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C15CB803-5944-48CF-9B35-FCFC9BFFF32B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{693D2FE8-55BD-4A44-A766-CA1B09E72BFA}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{9F08464B-CAC7-4891-B3A4-2A7C01A5BE34}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{55784381-C8D3-4836-AB26-AB1BA0C5ACE0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{91BEEA0E-5551-4655-951A-955EF242E5A0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BB8A871C-2BE8-42C4-8887-096CBCE5890F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1280E18B-404C-4118-AAA2-F4BEB5A0426D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-11-2018 17:43:19 Scheduled Checkpoint
30-11-2018 14:21:10 Scheduled Checkpoint
07-12-2018 13:47:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2018 05:35:42 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (12/10/2018 05:32:24 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (7144,U,98) Unistore: Database recovery/restore failed with unexpected error -1216.
 
Error: (12/10/2018 05:32:24 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (7144,U,98) Unistore: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (12/10/2018 05:29:05 PM) (Source: ESENT) (EventID: 333) (User: )
Description: esentutl (9812,D,100) The database [C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol] version 1568.60.140 is higher than the maximum version configured by the application 1568.20.0. Current engine format version parameter setting: 0x40000001 (JET_efvUseEngineDefault)
 
Error: (12/10/2018 05:29:04 PM) (Source: ESENT) (EventID: 333) (User: )
Description: esentutl (9812,D,100) The database [C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol] version 1568.60.140 is higher than the maximum version configured by the application 1568.20.0. Current engine format version parameter setting: 0x40000001 (JET_efvUseEngineDefault)
 
Error: (12/10/2018 05:29:04 PM) (Source: ESENT) (EventID: 333) (User: )
Description: esentutl (9812,D,100) The database [C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol] version 1568.60.140 is higher than the maximum version configured by the application 1568.20.0. Current engine format version parameter setting: 0x40000001 (JET_efvUseEngineDefault)
 
Error: (12/10/2018 05:29:03 PM) (Source: ESENT) (EventID: 333) (User: )
Description: esentutl (9812,D,100) The database [C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol] version 1568.60.140 is higher than the maximum version configured by the application 1568.20.0. Current engine format version parameter setting: 0x40000001 (JET_efvUseEngineDefault)
 
Error: (12/10/2018 05:29:01 PM) (Source: ESENT) (EventID: 333) (User: )
Description: esentutl (9812,D,100) The database [C:\Users\kebli\AppData\Local\Comms\UnistoreDB\store.vol] version 1568.60.140 is higher than the maximum version configured by the application 1568.20.0. Current engine format version parameter setting: 0x40000001 (JET_efvUseEngineDefault)
 
 
System errors:
=============
Error: (12/10/2018 05:40:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\KBen SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:40:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\KBen SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\KBen SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:38:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\KBen SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:36:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:36:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:32:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2018 05:23:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8A2EKO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-O8A2EKO\KBen SID (S-1-5-21-4169369895-2292233020-3573544003-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16275.82 MB
Available physical RAM: 12935.5 MB
Total Virtual: 18707.82 MB
Available Virtual: 15601.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1848.78 GB) (Free:1742.7 GB) NTFS
 
\\?\Volume{917e8194-70b2-42bd-bd7c-b170ba134d78}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
\\?\Volume{79049588-dba9-4c83-be42-a01776ed46db}\ (Image) (Fixed) (Total:12.78 GB) (Free:0.92 GB) NTFS
\\?\Volume{67692ed4-4711-4932-9712-3240e2999db2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 61408B0D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
 

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

It's not cooperating.

 

Let's see if we can stop the services and restart them.

 

Search for

 

services.msc

 

hit Enter

 

Find each of these and STOP them:

 

Sync Host_85bee
Contact Data_85bee
User Data Access_85bee
User Data Storage_85bee

 

Now navigate to

 

C:\Users\kebli\AppData\Local\Comms\UnistoreDB\

 

and then right click on store.vol and delete

 

This is a hidden file so you may need to tell windows to let you see it.

http://www.howtogeek...-windows-vista/

 

Go back to services and restart the services in reverse order

 

If you can't find the file then redownload and run the previous Fixlist
 


  • 0

#13
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I have a quick question, RKinner.

How do I search for services.msc ?


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

There should be a box for Cortana.  Just type:

 

services.msc

 

hit Enter.

 

I use Classic Shell on my Win 10 so it looks like a Win 7 desktop.  I've turned off Cortana but the regular search still works.


  • 0

#15
Win10Enthusiast

Win10Enthusiast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I found all four of them, but they all end in _44485, not 85bee.

 

Sync Host_44485
Contact Data_44485
User Data Access_44485
User Data Storage_44485

 

Should I stop those?


Edited by Win10Enthusiast, 10 December 2018 - 10:17 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP