
Believe Microsoft Update last Thursday caused some malware on my system



#1 TomV22


Posted 18 July 2017 - 05:53 PM

Hello.  I believe the last Microsoft Windows update caused issues with my Dell computer, namely the fact that it is slower than molasses since Friday morning, when the update occurred.  Been fighting both - and one wants to charge a fee to fix the issue which they know they caused (go figure that one out - but I digress!)

 

The main issue is that once I log in to my Windows 10 computer, I can open the task manager and the hard drive is showing 100% for a good 5-10 minutes after login. And then even after that goes down, there still are issues of slow responses (i.e. open an email and it takes like 30-60 seconds for it to open).

 

Hopefully you folks can help me out - have in prior times and have faith you folks can again!

 

Thanks!

Thomas

 

FRST log file follows:

-------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by cofun (administrator) on TOMSLAPTOP (18-07-2017 16:46:07)
Running from C:\Users\cofun\Downloads
Loaded Profiles: cofun (Available Profiles: cofun)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wistron Corporation) C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Dell) C:\Users\cofun\AppData\Local\Apps\2.0\KH0LB0EN.VG2\0EKALTCX.OKK\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935400 2015-05-29] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [717744 2015-11-02] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [DpmLiteEvent] => C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe [2537776 2014-11-19] (Wistron Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [DellCApp] => C:\Program Files\Dell\Click 2 Fix+\capp.exe -l
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4982336 2017-07-14] (GOG.com)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Run: [DellSystemDetect] => C:\Users\cofun\AppData\Local\Apps\2.0\KH0LB0EN.VG2\0EKALTCX.OKK\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe [313264 2017-06-07] (Dell)
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Winlogon: [Shell] - <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{632a2c76-bf53-4ce7-b371-d4a05ba2f5e4}: [DhcpNameServer] 10.1.0.30 10.1.0.2
Tcpip\..\Interfaces\{d772b649-adf6-4a80-8495-df4d4b7817c8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1983535665-203477353-737574883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=dcte
HKU\S-1-5-21-1983535665-203477353-737574883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1983535665-203477353-737574883-1001 -> DefaultScope {C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} URL =
SearchScopes: HKU\S-1-5-21-1983535665-203477353-737574883-1001 -> {C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1983535665-203477353-737574883-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777 [2017-07-18]
FF Homepage: Mozilla\Firefox\Profiles\sszweai3.default-1481577459777 -> hxxps://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=742708b9-3ff1-472b-ee08-0b7914955737&doi=2017-7-18
FF Extension: (Save Images) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\Extensions\LDSI_plashcor@gmail.com.xpi [2017-07-02]
FF Extension: (Lucky PDF Converter) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\Extensions\luckypdf@luckypdfconverter.com.xpi [2017-05-11]
FF Extension: (Norton Safe Search) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\Extensions\nortonsafesearch@symantec.com.xpi [2017-07-10]
FF Extension: (Norton Safe Web) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\Extensions\nortonsafeweb@symantec.com.xpi [2017-07-10]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1983535665-203477353-737574883-1001: @citrixonline.com/appdetectorplugin -> C:\Users\cofun\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-1983535665-203477353-737574883-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cofun\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-18] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default [2017-07-15]
CHR Extension: (Google Slides) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-28]
CHR Extension: (Google Docs) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-28]
CHR Extension: (Google Drive) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-28]
CHR Extension: (YouTube) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-07-14]
CHR Extension: (Google Sheets) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (AncestryDNA Helper) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjflmfphflaeehhpdiggobllgffelfee [2017-07-14]
CHR Extension: (Ancestry Family Search Extension) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh [2016-06-28]
CHR Extension: (Norton Identity Safe) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-28]
CHR Extension: (Norton Safe) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Gmail) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-15] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-15] (Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
S4 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
S4 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
S4 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [104448 2017-01-07] (Dell)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [488000 2017-07-14] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8163392 2017-07-14] (GOG.com)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-11-07] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
S4 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-06] (Realtek Semiconductor)
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S4 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170717.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [113416 2015-06-15] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170717.003\IDSvia64.sys [1056920 2017-07-18] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-14] (Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517200 2016-10-20] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 16:46 - 2017-07-18 16:47 - 00023644 _____ C:\Users\cofun\Downloads\FRST.txt
2017-07-18 16:45 - 2017-07-18 16:46 - 00000000 ____D C:\FRST
2017-07-18 16:43 - 2017-07-18 16:43 - 02382336 _____ (Farbar) C:\Users\cofun\Downloads\FRST64.exe
2017-07-18 15:01 - 2017-07-18 15:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-07-18 14:51 - 2017-07-18 14:51 - 00000000 ____D C:\Users\cofun\OneDrive\Documents\Zoom
2017-07-18 14:50 - 2017-07-18 14:50 - 00000000 ____D C:\Users\cofun\AppData\Roaming\Zoom
2017-07-18 14:50 - 2017-07-18 14:50 - 00000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-07-18 14:49 - 2017-07-18 14:49 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\cofun\Downloads\Zoom_launcher.exe
2017-07-17 15:59 - 2017-07-17 16:05 - 00000000 ____D C:\Users\cofun\Desktop\usb items
2017-07-17 15:38 - 2017-07-17 15:38 - 18357776 _____ (Microsoft Corporation) C:\Users\cofun\Downloads\MediaCreationTool.exe
2017-07-14 17:11 - 2017-07-14 17:11 - 00000037 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2017-07-14 14:48 - 2017-07-14 14:48 - 00001664 _____ C:\Users\cofun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smith Runner Cemetery.lnk
2017-07-14 12:52 - 2017-07-14 12:52 - 00003646 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-07-14 12:42 - 2017-07-14 12:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-14 12:42 - 2017-07-14 12:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-14 12:40 - 2017-07-14 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-14 12:17 - 2017-07-14 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-14 12:16 - 2017-07-14 12:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-14 12:16 - 2017-07-14 12:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-14 11:42 - 2017-07-14 11:42 - 00001851 _____ C:\Users\Public\Desktop\Dell Click 2 Fix+.lnk
2017-07-14 11:42 - 2017-07-14 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Click 2 Fix+
2017-07-14 11:32 - 2017-07-14 11:32 - 00000000 ____D C:\ProgramData\Citrix
2017-07-14 11:31 - 2017-07-14 11:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-07-14 11:02 - 2017-07-14 11:02 - 00000000 ___HD C:\OneDriveTemp
2017-07-14 10:59 - 2017-07-14 10:59 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2017-07-14 10:59 - 2017-07-14 10:59 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2017-07-14 10:25 - 2017-07-14 10:25 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2017-07-14 10:25 - 2017-07-14 10:25 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2017-07-14 10:16 - 2017-07-14 10:16 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2017-07-14 10:16 - 2017-07-14 10:16 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2017-07-13 15:52 - 2017-07-13 15:52 - 00167232 _____ C:\Users\cofun\Downloads\comp plan.pdf
2017-07-13 15:51 - 2017-07-13 15:51 - 00000046 _____ C:\Users\cofun\Desktop\uhc gmc doctors.txt
2017-07-13 14:21 - 2017-07-13 14:21 - 00000061 _____ C:\Users\cofun\Desktop\fidelity contact info.txt
2017-07-13 12:13 - 2017-07-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 13:58 - 2017-07-12 13:58 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-07-12 13:58 - 2017-07-12 13:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-07-12 13:58 - 2017-07-12 13:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-07-12 13:58 - 2017-07-12 13:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-07-11 20:07 - 2017-07-07 01:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-11 20:07 - 2017-07-07 01:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-11 20:07 - 2017-07-07 01:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-11 20:07 - 2017-07-07 00:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-11 20:07 - 2017-07-07 00:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-11 20:07 - 2017-07-07 00:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-11 20:07 - 2017-07-07 00:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-11 20:07 - 2017-07-07 00:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-11 20:07 - 2017-07-07 00:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-11 20:07 - 2017-07-07 00:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-11 20:07 - 2017-07-07 00:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-11 20:07 - 2017-07-07 00:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-11 20:07 - 2017-07-07 00:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-11 20:07 - 2017-07-07 00:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-11 20:07 - 2017-07-07 00:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-11 20:07 - 2017-07-07 00:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-11 20:07 - 2017-07-07 00:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-11 20:07 - 2017-07-07 00:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:07 - 2017-07-07 00:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-11 20:07 - 2017-07-07 00:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-11 20:07 - 2017-07-07 00:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-11 20:07 - 2017-07-07 00:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-11 20:07 - 2017-07-07 00:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-11 20:07 - 2017-07-07 00:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-11 20:07 - 2017-07-07 00:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-11 20:07 - 2017-07-07 00:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-11 20:07 - 2017-07-07 00:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-11 20:07 - 2017-07-07 00:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-11 20:07 - 2017-07-07 00:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-11 20:07 - 2017-07-07 00:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-11 20:07 - 2017-07-07 00:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-11 20:07 - 2017-07-07 00:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-11 20:07 - 2017-07-07 00:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-11 20:07 - 2017-07-07 00:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-11 20:07 - 2017-07-07 00:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-11 20:07 - 2017-07-07 00:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-11 20:07 - 2017-07-07 00:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-11 20:07 - 2017-07-07 00:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-11 20:07 - 2017-07-07 00:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-11 20:07 - 2017-07-07 00:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 20:07 - 2017-07-07 00:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 20:07 - 2017-07-07 00:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 20:07 - 2017-07-07 00:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 20:07 - 2017-07-07 00:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 20:07 - 2017-07-07 00:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-11 20:07 - 2017-07-07 00:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-11 20:07 - 2017-07-07 00:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-11 20:07 - 2017-07-07 00:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-11 20:07 - 2017-07-07 00:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-11 20:07 - 2017-07-07 00:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 20:07 - 2017-07-07 00:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-11 20:07 - 2017-07-06 23:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 20:07 - 2017-07-06 23:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-11 20:07 - 2017-07-06 23:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-11 20:07 - 2017-07-06 23:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-11 20:07 - 2017-07-06 23:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-11 20:07 - 2017-07-06 23:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-11 20:07 - 2017-07-06 23:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-11 20:07 - 2017-07-06 23:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-11 20:07 - 2017-07-06 23:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-11 20:07 - 2017-07-06 23:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-11 20:07 - 2017-07-06 23:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 20:07 - 2017-07-06 23:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 20:07 - 2017-06-20 00:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-11 20:07 - 2017-06-20 00:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-11 20:07 - 2017-06-20 00:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-11 20:07 - 2017-06-19 23:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-11 20:07 - 2017-06-19 23:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-11 20:07 - 2017-06-19 23:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-11 20:07 - 2017-06-19 23:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-11 20:07 - 2017-06-19 23:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-11 20:07 - 2017-06-19 23:12 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-11 20:07 - 2017-06-19 23:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-11 20:07 - 2017-06-19 23:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-11 20:07 - 2017-06-19 23:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-11 20:07 - 2017-06-19 23:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-11 20:07 - 2017-06-19 23:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-11 20:07 - 2017-06-19 23:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-11 20:07 - 2017-06-19 23:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-11 20:07 - 2017-06-19 23:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-11 20:07 - 2017-06-19 23:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-11 20:07 - 2017-06-19 23:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-11 20:07 - 2017-06-19 23:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-11 20:07 - 2017-06-19 23:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-11 20:07 - 2017-06-19 23:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-11 20:07 - 2017-06-19 23:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-11 20:07 - 2017-06-19 23:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-11 20:07 - 2017-06-19 23:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-11 20:07 - 2017-06-19 23:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-11 20:07 - 2017-06-19 23:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-11 20:07 - 2017-06-19 23:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-11 20:07 - 2017-06-19 23:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-11 20:07 - 2017-06-19 23:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-11 20:07 - 2017-06-19 23:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-11 20:07 - 2017-06-19 23:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-11 20:07 - 2017-06-19 23:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-11 20:07 - 2017-06-19 23:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-11 20:07 - 2017-06-19 23:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-11 20:07 - 2017-06-19 23:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 20:07 - 2017-06-19 23:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-11 20:07 - 2017-06-19 23:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-11 20:07 - 2017-06-19 23:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-11 20:07 - 2017-06-19 23:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 20:07 - 2017-06-19 22:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-11 20:07 - 2017-06-19 22:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-11 20:07 - 2017-06-19 22:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-11 20:07 - 2017-06-19 22:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:07 - 2017-06-19 22:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:07 - 2017-06-19 22:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-11 20:07 - 2017-06-19 22:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-11 20:07 - 2017-06-19 22:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-11 20:07 - 2017-06-19 22:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-11 20:07 - 2017-06-19 22:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-11 20:07 - 2017-06-19 22:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-11 20:07 - 2017-06-19 22:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-11 20:07 - 2017-06-19 22:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-11 20:07 - 2017-06-19 22:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-11 20:07 - 2017-06-19 22:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-11 20:07 - 2017-06-19 22:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-11 20:07 - 2017-06-19 22:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-11 20:07 - 2017-06-19 22:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-11 20:07 - 2017-06-19 22:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-11 20:07 - 2017-06-19 22:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-11 20:07 - 2017-06-19 22:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-11 20:07 - 2017-06-19 22:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-11 20:07 - 2017-06-19 22:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-11 20:07 - 2017-06-19 22:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-11 20:07 - 2017-06-19 22:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-11 20:07 - 2017-06-19 22:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 20:07 - 2017-06-19 22:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-11 20:07 - 2017-06-19 22:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-11 20:07 - 2017-06-19 22:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-11 20:07 - 2017-06-19 22:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-11 20:07 - 2017-06-19 22:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-11 20:07 - 2017-06-19 22:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-11 20:07 - 2017-06-19 22:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 20:07 - 2017-06-19 22:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-11 20:07 - 2017-06-19 22:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-11 20:07 - 2017-06-19 22:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-11 20:07 - 2017-06-19 22:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-11 20:07 - 2017-06-19 22:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 20:07 - 2017-06-19 22:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-11 20:07 - 2017-06-19 22:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-11 20:07 - 2017-06-19 22:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-11 20:07 - 2017-06-19 22:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-11 20:07 - 2017-06-19 22:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-11 20:07 - 2017-06-19 22:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-11 20:07 - 2017-06-19 22:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-11 20:07 - 2017-06-19 22:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-11 20:07 - 2017-06-19 22:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-11 20:07 - 2017-06-19 22:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-11 20:07 - 2017-06-19 22:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-11 20:06 - 2017-07-07 08:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-11 20:06 - 2017-07-07 01:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-11 20:06 - 2017-07-07 01:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-11 20:06 - 2017-07-07 01:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-11 20:06 - 2017-07-07 01:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 20:06 - 2017-07-07 01:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 20:06 - 2017-07-07 01:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 20:06 - 2017-07-07 01:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-11 20:06 - 2017-07-07 01:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 20:06 - 2017-07-07 01:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 20:06 - 2017-07-07 01:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-11 20:06 - 2017-07-07 01:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-11 20:06 - 2017-07-07 01:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-11 20:06 - 2017-07-07 01:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-11 20:06 - 2017-07-07 01:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 20:06 - 2017-07-07 01:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 20:06 - 2017-07-07 01:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-11 20:06 - 2017-07-07 01:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-11 20:06 - 2017-07-07 01:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-11 20:06 - 2017-07-07 01:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-11 20:06 - 2017-07-07 01:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-11 20:06 - 2017-07-07 01:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-11 20:06 - 2017-07-07 01:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-11 20:06 - 2017-07-07 01:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:06 - 2017-07-07 01:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-11 20:06 - 2017-07-07 01:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-11 20:06 - 2017-07-07 01:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-11 20:06 - 2017-07-07 01:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-11 20:06 - 2017-07-07 01:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-11 20:06 - 2017-07-07 01:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-11 20:06 - 2017-07-07 01:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 20:06 - 2017-07-07 01:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-11 20:06 - 2017-07-07 00:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-11 20:06 - 2017-07-07 00:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-11 20:06 - 2017-07-07 00:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-11 20:06 - 2017-07-07 00:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-11 20:06 - 2017-07-07 00:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-11 20:06 - 2017-07-07 00:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-11 20:06 - 2017-07-07 00:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-11 20:06 - 2017-07-07 00:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-11 20:06 - 2017-07-07 00:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-11 20:06 - 2017-07-07 00:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-11 20:06 - 2017-07-07 00:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-11 20:06 - 2017-07-07 00:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-11 20:06 - 2017-07-07 00:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-11 20:06 - 2017-07-07 00:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 20:06 - 2017-07-07 00:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-11 20:06 - 2017-07-07 00:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-11 20:06 - 2017-07-07 00:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-11 20:06 - 2017-07-07 00:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-11 20:06 - 2017-07-07 00:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-11 20:06 - 2017-07-07 00:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-11 20:06 - 2017-07-07 00:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 20:06 - 2017-07-07 00:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-11 20:06 - 2017-07-07 00:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 20:06 - 2017-07-07 00:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-11 20:06 - 2017-07-07 00:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-11 20:06 - 2017-07-07 00:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-11 20:06 - 2017-07-07 00:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-11 20:06 - 2017-07-07 00:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 20:06 - 2017-07-07 00:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-11 20:06 - 2017-07-07 00:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 20:06 - 2017-07-07 00:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-11 20:06 - 2017-07-07 00:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-11 20:06 - 2017-07-07 00:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-11 20:06 - 2017-07-07 00:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 20:06 - 2017-07-07 00:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-11 20:06 - 2017-07-07 00:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 20:06 - 2017-07-07 00:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-11 20:06 - 2017-07-07 00:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-11 20:06 - 2017-07-07 00:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-11 20:06 - 2017-07-07 00:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-11 20:06 - 2017-07-07 00:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-11 20:06 - 2017-07-07 00:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-11 20:06 - 2017-07-07 00:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-11 20:06 - 2017-07-07 00:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-11 20:06 - 2017-07-07 00:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-11 20:06 - 2017-07-07 00:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 20:06 - 2017-07-07 00:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-11 20:06 - 2017-07-07 00:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 20:06 - 2017-07-07 00:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-11 20:06 - 2017-07-07 00:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-11 20:06 - 2017-07-07 00:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-11 20:06 - 2017-07-07 00:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-11 20:06 - 2017-07-07 00:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-11 20:06 - 2017-07-07 00:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-11 20:06 - 2017-07-07 00:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 20:06 - 2017-07-07 00:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 20:06 - 2017-07-07 00:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-11 20:06 - 2017-07-07 00:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-11 20:06 - 2017-07-07 00:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-11 20:06 - 2017-07-06 23:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 20:06 - 2017-07-01 16:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-11 20:06 - 2017-06-20 00:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-11 20:06 - 2017-06-20 00:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-11 20:06 - 2017-06-20 00:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-11 20:06 - 2017-06-20 00:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 20:06 - 2017-06-20 00:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-11 20:06 - 2017-06-20 00:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 20:06 - 2017-06-20 00:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-11 20:06 - 2017-06-20 00:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-11 20:06 - 2017-06-20 00:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-11 20:06 - 2017-06-20 00:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-11 20:06 - 2017-06-20 00:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-11 20:06 - 2017-06-20 00:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-11 20:06 - 2017-06-20 00:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-11 20:06 - 2017-06-20 00:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-11 20:06 - 2017-06-19 23:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-11 20:06 - 2017-06-19 23:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-11 20:06 - 2017-06-19 23:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-11 20:06 - 2017-06-19 23:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-11 20:06 - 2017-06-19 23:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-11 20:06 - 2017-06-19 23:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-11 20:06 - 2017-06-19 23:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-11 20:06 - 2017-06-19 23:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-11 20:06 - 2017-06-19 23:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-11 20:06 - 2017-06-19 23:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-11 20:06 - 2017-06-19 23:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-11 20:06 - 2017-06-19 23:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-11 20:06 - 2017-06-19 23:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-11 20:06 - 2017-06-19 23:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-11 20:06 - 2017-06-19 23:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-11 20:06 - 2017-06-19 23:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-11 20:06 - 2017-06-19 23:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-11 20:06 - 2017-06-19 23:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-11 20:06 - 2017-06-19 23:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-11 20:06 - 2017-06-19 23:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-11 20:06 - 2017-06-19 23:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-11 20:06 - 2017-06-19 23:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-11 20:06 - 2017-06-19 23:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-11 20:06 - 2017-06-19 23:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-11 20:06 - 2017-06-19 23:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-11 20:06 - 2017-06-19 23:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 20:06 - 2017-06-19 23:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-11 20:06 - 2017-06-19 23:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-11 20:06 - 2017-06-19 23:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-11 20:06 - 2017-06-19 23:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-11 20:06 - 2017-06-19 23:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 20:06 - 2017-06-19 23:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-11 20:06 - 2017-06-19 23:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-11 20:06 - 2017-06-19 23:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-11 20:06 - 2017-06-19 23:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-11 20:06 - 2017-06-19 23:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-11 20:06 - 2017-06-19 23:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-11 20:06 - 2017-06-19 23:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-11 20:06 - 2017-06-19 23:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-11 20:06 - 2017-06-19 23:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-11 20:06 - 2017-06-19 23:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-11 20:06 - 2017-06-19 23:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-11 20:06 - 2017-06-19 23:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-11 20:06 - 2017-06-19 23:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-11 20:06 - 2017-06-19 23:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-11 20:06 - 2017-06-19 22:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-11 20:06 - 2017-06-19 22:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-11 20:06 - 2017-06-19 22:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-11 20:06 - 2017-06-19 22:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-11 20:06 - 2017-06-19 22:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-11 20:06 - 2017-06-19 22:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 20:06 - 2017-06-19 22:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-11 20:06 - 2017-06-19 22:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-11 20:06 - 2017-06-19 22:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-11 20:06 - 2017-06-19 22:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-11 20:06 - 2017-06-19 22:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-11 20:06 - 2017-06-19 22:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 20:06 - 2017-06-19 22:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-11 20:05 - 2017-07-07 01:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-11 20:05 - 2017-07-07 01:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-11 20:05 - 2017-07-07 01:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-11 20:05 - 2017-07-07 01:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-11 20:05 - 2017-07-07 01:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-11 20:05 - 2017-07-07 01:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-11 20:05 - 2017-07-07 01:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-11 20:05 - 2017-07-07 01:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-11 20:05 - 2017-07-07 00:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-11 20:05 - 2017-07-07 00:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-11 20:05 - 2017-07-07 00:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-11 20:05 - 2017-07-07 00:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-11 20:05 - 2017-07-07 00:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-11 20:05 - 2017-07-07 00:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-11 20:05 - 2017-07-07 00:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-11 20:05 - 2017-07-07 00:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-11 20:05 - 2017-07-07 00:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-11 20:05 - 2017-07-07 00:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-11 20:05 - 2017-07-07 00:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-11 20:05 - 2017-07-07 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-11 20:05 - 2017-07-07 00:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-11 20:05 - 2017-07-07 00:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-11 20:05 - 2017-07-07 00:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-11 20:05 - 2017-07-07 00:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-11 20:05 - 2017-07-07 00:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-11 20:05 - 2017-07-07 00:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-11 20:05 - 2017-07-07 00:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-11 20:05 - 2017-07-07 00:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-11 20:05 - 2017-07-07 00:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 20:05 - 2017-07-07 00:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-11 20:05 - 2017-07-07 00:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 20:05 - 2017-06-20 00:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-11 20:05 - 2017-06-20 00:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-11 20:05 - 2017-06-20 00:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-11 20:05 - 2017-06-20 00:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-11 20:05 - 2017-06-20 00:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-11 20:05 - 2017-06-20 00:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-11 20:05 - 2017-06-20 00:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-11 20:05 - 2017-06-20 00:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-11 20:05 - 2017-06-20 00:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-11 20:05 - 2017-06-20 00:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-11 20:05 - 2017-06-20 00:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-11 20:05 - 2017-06-19 23:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-11 20:05 - 2017-06-19 23:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-11 20:05 - 2017-06-19 23:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-11 20:05 - 2017-06-19 23:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-11 20:05 - 2017-06-19 23:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-11 20:05 - 2017-06-19 23:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-11 20:05 - 2017-06-19 23:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:05 - 2017-06-19 23:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-11 20:05 - 2017-06-19 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-11 20:05 - 2017-06-19 23:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-11 20:05 - 2017-06-19 23:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:05 - 2017-06-19 23:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-11 20:05 - 2017-06-19 23:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-11 20:05 - 2017-06-19 23:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-11 20:05 - 2017-06-19 23:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-11 20:05 - 2017-06-19 23:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-11 20:05 - 2017-06-19 23:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-11 20:05 - 2017-06-19 23:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-11 20:05 - 2017-06-19 23:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-11 20:05 - 2017-06-19 23:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-11 20:05 - 2017-06-19 23:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-11 20:05 - 2017-06-19 23:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-11 20:05 - 2017-06-19 23:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-11 20:05 - 2017-06-19 23:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-11 20:05 - 2017-06-19 23:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-11 20:05 - 2017-06-19 23:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-11 20:05 - 2017-06-19 23:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-11 20:05 - 2017-06-19 23:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-11 20:05 - 2017-06-19 23:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-11 20:05 - 2017-06-19 23:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-11 20:05 - 2017-06-19 23:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-11 20:05 - 2017-06-19 23:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-11 20:05 - 2017-06-19 23:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-11 20:05 - 2017-06-19 23:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-11 20:05 - 2017-06-19 22:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-11 20:05 - 2017-06-19 22:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-11 20:05 - 2017-06-19 22:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-11 20:05 - 2017-06-19 22:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-11 19:41 - 2017-07-11 19:41 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2017-07-11 19:41 - 2017-07-11 19:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2017-07-10 22:09 - 2017-07-10 22:09 - 00000000 ____D C:\Users\cofun\AppData\Local\GoToMeeting
2017-07-08 07:49 - 2017-07-18 13:12 - 00000000 ____D C:\Program Files (x86)\Dell Update
2017-07-02 21:20 - 2017-07-02 22:04 - 00000000 ____D C:\Users\cofun\Desktop\bryan and cindy wedding day pics
2017-07-02 20:11 - 2017-07-02 20:11 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2017-07-02 20:11 - 2017-07-02 20:11 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2017-06-28 15:46 - 2017-06-29 15:44 - 00000088 _____ C:\Users\cofun\Desktop\rccl info.txt
2017-06-27 12:04 - 2017-07-12 15:03 - 00003494 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-06-27 12:03 - 2017-06-27 12:03 - 00003902 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-27 12:03 - 2017-06-27 12:03 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-06-27 12:02 - 2017-07-05 14:05 - 00000000 ____D C:\ProgramData\SupportAssist
2017-06-22 12:50 - 2017-06-22 12:50 - 00002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-06-22 12:50 - 2017-06-22 12:50 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-06-22 12:50 - 2017-06-22 12:50 - 00000000 ____D C:\Program Files\Dell Support Center
2017-06-20 00:31 - 2017-07-18 13:04 - 00003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForcofun
2017-06-19 22:13 - 2017-07-10 22:09 - 00003808 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1983535665-203477353-737574883-1001
2017-06-19 22:13 - 2017-07-10 22:09 - 00003712 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1983535665-203477353-737574883-1001
2017-06-19 17:50 - 2017-06-19 17:50 - 00004340 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2017-06-19 17:49 - 2017-06-19 17:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-06-19 15:21 - 2017-06-19 15:21 - 77016296 _____ C:\Users\cofun\Downloads\Thomas Vilfroy cbn 9606.zip
2017-06-19 14:17 - 2017-06-19 14:17 - 00272811 _____ C:\Users\cofun\Downloads\Vilfroy, Thomas R  2017-0126.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 16:26 - 2017-06-11 18:07 - 01044998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 16:25 - 2016-11-23 17:25 - 00000000 ____D C:\Users\cofun\AppData\LocalLow\Mozilla
2017-07-18 16:24 - 2016-06-15 11:51 - 00000000 ___RD C:\Users\cofun\OneDrive
2017-07-18 16:23 - 2016-07-09 11:46 - 00000000 ___RD C:\Users\cofun\iCloudDrive
2017-07-18 16:19 - 2017-06-11 18:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 16:19 - 2016-12-27 12:44 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForcofun.job
2017-07-18 16:14 - 2017-03-18 05:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 15:19 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 15:17 - 2016-06-15 11:50 - 00000000 ____D C:\Users\cofun\AppData\Local\Comms
2017-07-18 15:13 - 2017-03-18 15:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 15:13 - 2016-06-15 11:48 - 00000000 ____D C:\Users\cofun\AppData\Local\Packages
2017-07-18 13:22 - 2017-06-11 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 13:14 - 2017-06-11 18:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-07-18 13:12 - 2017-05-08 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-18 13:12 - 2017-02-16 16:18 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-07-18 12:58 - 2017-06-11 20:18 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4C5FB389-8B92-4C98-B524-E9688A259CAC}
2017-07-17 15:47 - 2017-01-16 16:24 - 00000000 ____D C:\Michael webinars
2017-07-17 11:22 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-17 11:22 - 2016-06-16 14:28 - 00000000 ____D C:\Users\cofun\AppData\Local\CrashDumps
2017-07-14 13:25 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 11:41 - 2016-06-10 20:02 - 00000000 ____D C:\Program Files\Dell
2017-07-14 11:31 - 2016-06-22 11:14 - 00000000 ____D C:\Users\cofun\AppData\Local\Citrix
2017-07-14 11:06 - 2016-11-15 14:23 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-07-14 11:04 - 2017-03-18 15:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-14 11:00 - 2017-06-11 17:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-14 11:00 - 2016-06-15 11:48 - 00000000 __SHD C:\Users\cofun\IntelGraphicsProfiles
2017-07-14 10:49 - 2016-06-10 20:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-14 10:28 - 2017-06-11 17:51 - 00000000 ____D C:\Users\cofun
2017-07-14 10:26 - 2017-06-11 17:46 - 00400376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-14 10:22 - 2017-03-18 15:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-14 10:21 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-14 10:20 - 2017-03-18 15:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-14 10:20 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 15:25 - 2016-11-14 14:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-13 12:14 - 2016-06-10 20:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-07-13 10:32 - 2016-06-22 14:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 20:14 - 2017-03-18 14:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-11 20:12 - 2016-06-15 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 20:09 - 2016-06-15 14:13 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 19:45 - 2017-03-18 05:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-11 19:40 - 2016-06-22 11:14 - 00000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1983535665-203477353-737574883-1001.job
2017-07-11 19:40 - 2016-06-22 11:14 - 00000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1983535665-203477353-737574883-1001.job
2017-07-11 19:40 - 2016-06-15 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-11 19:36 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-11 19:36 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-10 09:24 - 2016-06-15 15:24 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2017-07-08 08:36 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-08 07:49 - 2016-06-10 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-07-05 14:01 - 2016-11-29 20:44 - 00041641 _____ C:\Users\cofun\Desktop\Check Register.xlsx
2017-07-02 22:11 - 2017-06-13 21:35 - 00000000 ____D C:\Users\cofun\Desktop\bryan and cindy wedding slideshow
2017-07-02 21:51 - 2017-02-02 17:02 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-02 21:51 - 2017-02-02 17:02 - 00001030 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-07-02 21:14 - 2016-06-10 20:03 - 00000000 ____D C:\ProgramData\PCDr
2017-06-30 08:47 - 2017-03-18 15:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 08:47 - 2017-03-18 15:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-27 16:15 - 2017-04-27 15:56 - 00000000 ____D C:\Program Files (x86)\Legacy9
2017-06-27 12:22 - 2016-06-28 23:27 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 12:22 - 2016-06-28 23:27 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-21 11:07 - 2017-06-11 18:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-06-19 21:15 - 2016-09-07 07:21 - 00000000 ____D C:\Users\cofun\AppData\Local\ConnectedDevicesPlatform
2017-06-19 15:43 - 2016-06-10 20:03 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2017-06-19 14:15 - 2017-06-11 20:20 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-19 14:15 - 2016-06-15 11:51 - 00002365 _____ C:\Users\cofun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2016-09-12 15:23 - 2016-09-12 15:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-06-11 17:50 - 2017-06-11 17:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\cofun\jobq.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-10 12:13

==================== End of FRST.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:54 PM

Posted 19 July 2017 - 07:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Winlogon: [Shell] - <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\sszweai3.default-1481577459777 -> hxxps://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=742708b9-3ff1-472b-ee08-0b7914955737&doi=2017-7-18
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Extension: (Norton Security Toolbar) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

p.s.
Add the Addition.txt log that was created by the Farbar program in your reply.

#3 TomV22

TomV22
  • Topic Starter

  • Members
  • 136 posts
  • Local time:06:54 PM

Posted 19 July 2017 - 09:19 AM

Here is the Addition.txt from the first run (didn't know if the above would remove that, so thought I'd post that now before running the above).

 

Addition.txt

 

---------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by cofun (18-07-2017 16:47:47)
Running from C:\Users\cofun\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-12 00:21:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1983535665-203477353-737574883-500 - Administrator - Disabled)
cofun (S-1-5-21-1983535665-203477353-737574883-1001 - Administrator - Enabled) => C:\Users\cofun
DefaultAccount (S-1-5-21-1983535665-203477353-737574883-503 - Limited - Disabled)
Guest (S-1-5-21-1983535665-203477353-737574883-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{FDF43F53-B12C-41F4-B248-F67CE924E7D7}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{4A7F2465-EAE2-4A22-9842-2A0F537F243E}) (Version: 2.6.2.4 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Ancestry World Archives Project - Keying Tool (HKLM-x32\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0103 - Ancestry.com)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.13.1 - Bethesda Softworks)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2615.03 - Dell)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell System Detect (HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
DNAGedcom Client (HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\de853180d47c1483) (Version: 1.4.6.1 - DNAGedcom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Families Sync (HKLM-x32\...\{B2AD77A5-5A8D-48BF-9DFE-5CD27D8D05C6}) (Version: 2.1.7 - TelGen)
FamilySearch Indexing 3.27.7 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.27.7 - FamilySearch)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66e8e99a-eb6f-4403-9fc2-0ddd4d6f353e}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Legacy 9.0 (HKLM-x32\...\Legacy 9.0) (Version: 9.0  - Millennia Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.2 - Waves Audio Ltd.) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.9.4.8 - Symantec Corporation)
NowInStock.net Desktop Alerts (HKLM-x32\...\{38F5033D-990C-0EA9-4491-52A583695241}) (Version: 0.255 - UNKNOWN) Hidden
NowInStock.net Desktop Alerts (HKLM-x32\...\com.adobe.example.NISDesktopAlerts.8B84194D4D9FFDB4F2F41B07D0F160207BFE7624.1) (Version: 0.906 - UNKNOWN)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7654 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Wizardry 6 (HKLM-x32\...\1207662763_is1) (Version: 2.2.0.18 - GOG.com)
Zoom (HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1983535665-203477353-737574883-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005F5F83-8C79-4A17-B8E2-55C2560D1EA7} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {0281B58D-52BB-47B6-BFA0-027522122066} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {099B694A-3F6F-43F1-9639-12D806C661FF} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {09C250E9-420B-4612-97DB-203C74E4FCD9} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {0CE961D6-7F38-4AF1-AE46-73418246B32A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {0D7B9E39-F58E-4C9B-9A27-AFD08D662A8D} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {0F7DC9A1-BE18-4B40-9CB1-BB8DD16DFCCE} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {147C8E89-3F5C-42FA-947B-92C7C4BC83A5} - System32\Tasks\G2MUploadTask-S-1-5-21-1983535665-203477353-737574883-1001 => C:\Users\cofun\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-10] (LogMeIn, Inc.)
Task: {1FE30399-7A2F-492C-A8F6-0E7012BEB141} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {236C7752-2B16-450D-9C95-FD8F751EFD22} - \HP AR Program Upload - 53e9eff40a8146f2a500859c46aaff3ec08e668fc7c74a4db0f717f309c52c8f -> No File <==== ATTENTION
Task: {2BE5668A-4D3B-45A9-975C-C50A01E3A33C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-05-09] (Apple Inc.)
Task: {3519FEF5-89E3-4CA8-AFD0-67095EF923CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {36BE41E5-D769-4A92-9323-250DFB895FD4} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
Task: {37F97639-D15F-4590-911D-63034700FC8A} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {3BCD83D3-3A5F-4F65-BDFE-F64E4AE310CA} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {3E542E15-0AE3-4328-A3E1-1B40235BFE0A} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {4467C447-2F23-466D-A592-E34B01FCD126} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4C4EAB8B-EB21-491D-8A68-84CE45B36DDE} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {56DCDEA3-FE8B-4F41-B492-650E44E30A4F} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {59348A78-39E6-45A5-AC17-73E1A155B2EF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {59F6D76D-CA6A-4333-88D4-9FA735C2ED6A} - \HPCustParticipation HP Photosmart 5520 series -> No File <==== ATTENTION
Task: {5A51798B-3695-4808-B98C-AEE6B3F21E0C} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {5DD29F5D-5FC5-4970-893F-AEF7C028DC7C} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L130NC -> No File <==== ATTENTION
Task: {5EB95DAC-CE04-42B5-A850-6BC68B45BB81} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {5F3BEEA4-6697-4A41-B0EC-4921436E54FF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B3A1215-76D9-42EA-A9CD-6DB18E056C4B} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {6DD03562-81F8-464C-8AF7-DBD076CD97F5} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {756F7D9F-79FB-4D0F-822D-22A3817B1523} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {77AE9579-58ED-4770-ACF3-B6BBD285D73E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8AF3753C-5F66-4427-B703-5786EB72FAD7} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {971606B1-5A20-4ABD-B14A-D35CB767E8AF} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {9C22641B-8FCC-489B-9E11-090F893F85DC} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AA0EC1EB-A606-4A68-9856-40306B62EF46} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {AB51AFA4-CB9E-46A0-818E-FD0E3C6CDC85} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {BD9A0650-4BCA-43FF-88E6-F53ABDA2DAF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {C0C9DFC5-5460-4230-B5C5-E2633F332B33} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {C222B2C9-29BA-4397-BF08-9280107E6168} - System32\Tasks\HPCeeScheduleForcofun => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {C5721888-F0D1-4973-A89A-8D07CFB22C2E} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {C5F428DF-24C5-486F-98F2-815C7FD9D210} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C8E0B187-F66E-425F-ABB3-B580FE033011} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CFA10625-9A40-4866-AB73-F1253AADEF6B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D12B37DA-5AFD-47BC-8523-850732AF351A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-05-26] (Symantec Corporation)
Task: {DCCD23FB-36B5-4B31-A7D9-F6885418EC43} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {F1C3B838-8311-4BCA-9069-C225DC152446} - System32\Tasks\G2MUpdateTask-S-1-5-21-1983535665-203477353-737574883-1001 => C:\Users\cofun\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-10] (LogMeIn, Inc.)
Task: {F2E8AEE7-FC5C-48F8-B9EE-8C172CA9D525} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F798F25A-0D64-4F99-95E7-6D44477245F7} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {FC232DCF-B6A1-4059-BC61-38710121F9F7} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1983535665-203477353-737574883-1001.job => C:\Users\cofun\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1983535665-203477353-737574883-1001.job => C:\Users\cofun\AppData\Local\GoToMeeting\7297\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForcofun.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-18 14:58 - 2017-03-18 14:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-14 11:42 - 2017-01-07 01:27 - 00925240 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll
2017-07-14 11:42 - 2017-01-18 18:13 - 00533520 _____ () C:\Program Files\Dell\Click 2 Fix+\ProtocolFilters.dll
2017-07-14 11:42 - 2017-01-18 18:11 - 00107520 _____ () C:\Program Files\Dell\Click 2 Fix+\nfapi.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-18 15:12 - 2017-07-18 15:13 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 15:12 - 2017-07-18 15:13 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 15:12 - 2017-07-18 15:13 - 43573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 15:12 - 2017-07-18 15:13 - 02435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-13 12:13 - 2017-07-12 13:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 12:13 - 2017-07-12 13:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-06 10:13 - 2017-07-12 13:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-06 10:13 - 2017-07-12 13:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 12:13 - 2017-07-12 13:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-06 10:13 - 2017-07-12 13:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 12:13 - 2017-07-12 13:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 12:13 - 2017-07-12 13:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 12:13 - 2017-07-12 13:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-06 10:13 - 2017-07-12 14:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 12:13 - 2017-07-12 13:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 12:13 - 2017-07-12 13:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-06 10:13 - 2017-07-12 14:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-06 10:13 - 2017-07-12 14:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 12:13 - 2017-07-12 14:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2015-08-13 14:46 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1983535665-203477353-737574883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cofun\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GoToAssist => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® Security Assist => 3
MSCONFIG\Services: Intel® WiDi SAM => 3
MSCONFIG\Services: IntelUSBoverIP => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: N360 => 2
MSCONFIG\Services: Product Registration => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: ZeroConfigService => 2
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0EE7EDBD-E644-46C0-93EF-75C7EF63DD91}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D2896A95-36F8-4324-A1EC-5489DD600E44}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C28F79BB-DADC-4D2F-98DE-C8CF07C119B2}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7FF2A591-867B-4C4D-BECC-1B63BBD27213}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BB9DF01E-BD97-48F8-9B70-596A08B619E5}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{6974B74B-786E-446E-A35F-5E63FA5F764F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{880EC650-B24F-4BE8-A8C5-6E8B7014A391}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{3866A26D-9B20-4798-BC39-1435591221AA}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{0911B6C3-011B-498D-A6D4-DD3128A50A45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DF645FD-DD62-4170-8DB7-88FA2D56A7CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDC1D10D-A83B-4DF5-823E-ABFEF7BBC039}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3807C43B-3963-4947-9F38-5F5860EEAA04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72FBE8E6-AF96-45DE-B914-B477BD32F3AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B37B26D-5BCF-427D-850E-3B6F3FC28D29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9AB69FD-6F48-49F9-967C-9D9964A1AE56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1BFA9DA7-4759-4F45-A70B-5B5C12733483}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{07DB8DC2-13F3-4D53-9DC7-C0F0AD08E2C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C156E65C-D184-4877-9C7C-1C5C05F4ECC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F6898155-8155-473C-B861-64E01AF3F1FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F80BE89-F2D8-431F-9AE0-23E267C6038E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{EB0DE969-BB25-400B-AA01-3908B22CA1B7}] => (Allow) C:\Program Files\Dell\Click 2 Fix+\cust.exe

==================== Restore Points =========================

14-07-2017 18:36:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 04:39:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 04:29:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/18/2017 04:20:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 04:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 03:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 03:10:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TOMSLAPTOP)
Description: Package Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (07/18/2017 03:10:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 02:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 02:10:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/18/2017 01:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOMSLAPTOP)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/18/2017 04:23:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (07/18/2017 04:22:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (07/18/2017 04:21:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (07/18/2017 04:20:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/18/2017 04:20:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/18/2017 04:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/18/2017 04:14:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DDVDataCollector service.

Error: (07/18/2017 12:54:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 03:19:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 10:47:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-07-14 11:08:40.020
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-14 11:08:40.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-14 10:29:09.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-14 10:29:09.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-14 10:21:58.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-14 10:21:58.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-11 19:47:30.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-11 19:47:30.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 20:16:38.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 20:16:38.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-5015U CPU @ 2.10GHz
Percentage of memory in use: 44%
Total physical RAM: 6054 MB
Available physical RAM: 3343.77 MB
Total Virtual: 15270 MB
Available Virtual: 12638.17 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.42 GB) (Free:756.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F6B7A723)

Partition: GPT.

==================== End of Addition.txt ============================



#4 TomV22

  • Topic Starter
Posted 19 July 2017 - 09:36 AM

Fix log follows

Still experience slowness after doing the fix. Still getting 100% hard drive hit when I open Task Manager.

Did see the following items (while Task Manager open) that seem to be at the top of the list the most:

usermode font driver host
dropbox (I do use that)

Those 2 items seem to be at the top of the list the most during bootup.

fix log.txt

--------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by cofun (19-07-2017 08:20:55) Run:1
Running from C:\Users\cofun\Downloads
Loaded Profiles: cofun (Available Profiles: cofun)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1983535665-203477353-737574883-1001\...\Winlogon: [Shell] - <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\sszweai3.default-1481577459777 -> hxxps://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=742708b9-3ff1-472b-ee08-0b7914955737&doi=2017-7-18
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Extension: (Norton Security Toolbar) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKU\S-1-5-21-1983535665-203477353-737574883-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
Firefox "homepage" removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Norton Security Toolbar) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-07-14] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 196187577 B
Java, Flash, Steam htmlcache => 5830 B
Windows/system/drivers => 32651938 B
Edge => 37577 B
Chrome => 778338790 B
Firefox => 394107641 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 9380 B
NetworkService => 17016 B
cofun => 34026815 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-07-2017 08:25:29)

"C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx" => Could not move

==== End of Fixlog 08:25:29 ====



#5 nasdaq

  • Malware Response Team

Posted 19 July 2017 - 09:51 AM

Hi,

Run this fix but I do not believe that it will solve your problem.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0281B58D-52BB-47B6-BFA0-027522122066} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {099B694A-3F6F-43F1-9639-12D806C661FF} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {0D7B9E39-F58E-4C9B-9A27-AFD08D662A8D} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {0F7DC9A1-BE18-4B40-9CB1-BB8DD16DFCCE} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {236C7752-2B16-450D-9C95-FD8F751EFD22} - \HP AR Program Upload - 53e9eff40a8146f2a500859c46aaff3ec08e668fc7c74a4db0f717f309c52c8f -> No File <==== ATTENTION
Task: {36BE41E5-D769-4A92-9323-250DFB895FD4} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
Task: {37F97639-D15F-4590-911D-63034700FC8A} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {3BCD83D3-3A5F-4F65-BDFE-F64E4AE310CA} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {3E542E15-0AE3-4328-A3E1-1B40235BFE0A} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {4467C447-2F23-466D-A592-E34B01FCD126} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4C4EAB8B-EB21-491D-8A68-84CE45B36DDE} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {56DCDEA3-FE8B-4F41-B492-650E44E30A4F} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {59348A78-39E6-45A5-AC17-73E1A155B2EF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {59F6D76D-CA6A-4333-88D4-9FA735C2ED6A} - \HPCustParticipation HP Photosmart 5520 series -> No File <==== ATTENTION
Task: {5A51798B-3695-4808-B98C-AEE6B3F21E0C} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {5DD29F5D-5FC5-4970-893F-AEF7C028DC7C} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L130NC -> No File <==== ATTENTION
Task: {5F3BEEA4-6697-4A41-B0EC-4921436E54FF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B3A1215-76D9-42EA-A9CD-6DB18E056C4B} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {6DD03562-81F8-464C-8AF7-DBD076CD97F5} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {756F7D9F-79FB-4D0F-822D-22A3817B1523} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {8AF3753C-5F66-4427-B703-5786EB72FAD7} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {971606B1-5A20-4ABD-B14A-D35CB767E8AF} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {9C22641B-8FCC-489B-9E11-090F893F85DC} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AA0EC1EB-A606-4A68-9856-40306B62EF46} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {AB51AFA4-CB9E-46A0-818E-FD0E3C6CDC85} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {C0C9DFC5-5460-4230-B5C5-E2633F332B33} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {C5F428DF-24C5-486F-98F2-815C7FD9D210} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C8E0B187-F66E-425F-ABB3-B580FE033011} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CFA10625-9A40-4866-AB73-F1253AADEF6B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DCCD23FB-36B5-4B31-A7D9-F6885418EC43} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {F2E8AEE7-FC5C-48F8-B9EE-8C172CA9D525} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F798F25A-0D64-4F99-95E7-6D44477245F7} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {FC232DCF-B6A1-4059-BC61-38710121F9F7} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#6 TomV22

  • Topic Starter
Posted 20 July 2017 - 10:39 AM

Well, running Farbar program with fixlist and it has been running close to 30 minutes now. Should I be worried? Sadly, seems notifications for replies appear to not work for me.

Update: seems there was another dialog box that appeared with no text but wanted me to click it to reboot the computer.

Edited by TomV22, 20 July 2017 - 10:52 AM.


#7 TomV22

  • Topic Starter
Posted 20 July 2017 - 10:59 AM

fixlog

-------

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by cofun (20-07-2017 09:13:13) Run:2
Running from C:\Users\cofun\Downloads
Loaded Profiles: cofun (Available Profiles: cofun)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0281B58D-52BB-47B6-BFA0-027522122066} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {099B694A-3F6F-43F1-9639-12D806C661FF} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {0D7B9E39-F58E-4C9B-9A27-AFD08D662A8D} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {0F7DC9A1-BE18-4B40-9CB1-BB8DD16DFCCE} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {236C7752-2B16-450D-9C95-FD8F751EFD22} - \HP AR Program Upload - 53e9eff40a8146f2a500859c46aaff3ec08e668fc7c74a4db0f717f309c52c8f -> No File <==== ATTENTION
Task: {36BE41E5-D769-4A92-9323-250DFB895FD4} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
Task: {37F97639-D15F-4590-911D-63034700FC8A} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {3BCD83D3-3A5F-4F65-BDFE-F64E4AE310CA} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {3E542E15-0AE3-4328-A3E1-1B40235BFE0A} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {4467C447-2F23-466D-A592-E34B01FCD126} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4C4EAB8B-EB21-491D-8A68-84CE45B36DDE} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {56DCDEA3-FE8B-4F41-B492-650E44E30A4F} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {59348A78-39E6-45A5-AC17-73E1A155B2EF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {59F6D76D-CA6A-4333-88D4-9FA735C2ED6A} - \HPCustParticipation HP Photosmart 5520 series -> No File <==== ATTENTION
Task: {5A51798B-3695-4808-B98C-AEE6B3F21E0C} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {5DD29F5D-5FC5-4970-893F-AEF7C028DC7C} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38L130NC -> No File <==== ATTENTION
Task: {5F3BEEA4-6697-4A41-B0EC-4921436E54FF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B3A1215-76D9-42EA-A9CD-6DB18E056C4B} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {6DD03562-81F8-464C-8AF7-DBD076CD97F5} - \RtHDVBg_PushButton -> No File <==== ATTENTION
Task: {756F7D9F-79FB-4D0F-822D-22A3817B1523} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {8AF3753C-5F66-4427-B703-5786EB72FAD7} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {971606B1-5A20-4ABD-B14A-D35CB767E8AF} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {9C22641B-8FCC-489B-9E11-090F893F85DC} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AA0EC1EB-A606-4A68-9856-40306B62EF46} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {AB51AFA4-CB9E-46A0-818E-FD0E3C6CDC85} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {C0C9DFC5-5460-4230-B5C5-E2633F332B33} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {C5F428DF-24C5-486F-98F2-815C7FD9D210} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C8E0B187-F66E-425F-ABB3-B580FE033011} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CFA10625-9A40-4866-AB73-F1253AADEF6B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DCCD23FB-36B5-4B31-A7D9-F6885418EC43} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {F2E8AEE7-FC5C-48F8-B9EE-8C172CA9D525} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F798F25A-0D64-4F99-95E7-6D44477245F7} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {FC232DCF-B6A1-4059-BC61-38710121F9F7} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8528230 B
Java, Flash, Steam htmlcache => 1115 B
Windows/system/drivers => 93360 B
Edge => 0 B
Chrome => 0 B
Firefox => 235063201 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 1642 B
NetworkService => 0 B
cofun => 291324673 B

RecycleBin => 0 B
EmptyTemp: => 517.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:18:47 ====



#8 TomV22


Posted 20 July 2017 - 11:46 AM

zoek-results log (also see post after this)

 

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by cofun on Thu 07/20/2017 at 10:05:26.68.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\cofun\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7/20/2017 10:07:55 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\Users\cofun\AppData\Local\ActiveSync deleted successfully
C:\Users\cofun\AppData\Local\DBG deleted successfully
C:\Users\cofun\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\cofun\AppData\LocalLow\Unity deleted
C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777
user_pref("browser.startup.homepage", "https://search.norton.com?o=APN12179&prt=SSS&chn=store&ver=1.0.1.5&tpr=111&guid=9374edf1-4a99-47d7-c92c-1120722dcc67&doi=2017-7-20");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon" [07/10/2017 09:25 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon" [07/10/2017 09:25 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777
- Save Images - %ProfilePath%\extensions\LDSI_plashcor@gmail.com.xpi
- Lucky PDF Converter - %ProfilePath%\extensions\luckypdf@luckypdfconverter.com.xpi
- Norton Safe Search - %ProfilePath%\extensions\nortonsafesearch@symantec.com.xpi
- Undetermined - %ProfilePath%\extensions\nortonsafeweb@symantec.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777
F2AE028008AD02EC3C38CA6679EE4CC6    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll -    Shockwave Flash
7BADC55F3C529D1AAEEF3230B405BF54    - C:\Users\cofun\AppData\Roaming\Zoom\bin\npzoomplugin.dll -    Zoom launcher - 3.0.1
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\cofun\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
AncestryDNA Helper - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjflmfphflaeehhpdiggobllgffelfee
Ancestry Family Search Extension - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh
Norton Identity Safe - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Norton Safe Search as default for Chrome - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
Chrome Media Router - cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://dell15.msn.com/?pc=dcte"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{C5EF8950-DDD3-43E3-B11C-20A7E491DFF5}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://dell15.msn.com/?pc=dcte"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1983535665-203477353-737574883-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5EF8950-DDD3-43E3-B11C-20A7E491DFF5} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\cofun\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\cofun\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\cofun\AppData\Local\Mozilla\Firefox\Profiles\sszweai3.default-1481577459777\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=75 folders=73 155376380 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\cofun\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 07/20/2017 at 10:40:39.97 ======================
 



#9 TomV22


Posted 20 July 2017 - 11:48 AM

While running Zoek, the following error message showed up:

DaS21 has stopped working

Hit OK and that closed the issue.

During boot up and watching Task Manager, saw the following 3 services be near the top:

Antimalware Service Executable
People Background Host Service
IAStorIcon

And still have a slow system..takes a good 5-10 minutes before I can really do anything after reboot and login.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:54 PM

Posted 20 July 2017 - 12:47 PM

Let's see if the Windows Updates can be fixed.

Fix Windows Update errors

https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors


It supports Windows 7, Windows 8.1 and Windows 10. The site offers different options based on the operating system you select.

If you select Windows 10, you will be asked to download the Windows Update Troubleshooter and run it. For Windows 8.1 and Windows 7 users, you get different troubleshooters for their respective operating systems.

Some of the repair options provided by the tool: Try these.

Repair Windows Update Database corruption.
Repair Windows update components.
Check whether default Windows Update data locations have changed.
Fix improperly configured security settings, or missing settings.
Check for missing or corrupt files.
Fix service registration is missing or corrupt.
Fix system date and time aren't correct.

It doesn't look like they spent a lot of time on this tool, but it should do its job and help get answers to error codes and fix the basic Windows problems users encounter.

#11 TomV22


Posted 20 July 2017 - 02:38 PM

I am in the middle of something or I would reboot the computer...Here is what the troubleshooter found.  Will let you know about the slowness after I finished my tasks.

 

Service registration missing or corrupt            fixed
Potential Windows Update database error detected    fixed
Windows Update components must be repaired        fixed
Check for pending updates                fixed
 



#12 TomV22


Posted 21 July 2017 - 08:38 AM

Oops, totally spaced out on this about rebooting and checking if slowness improved or not - my bad.

After rebooting the computer, and of course another Windows update as well since it is Friday morning, sadly still slow after login.

#13 nasdaq


Posted 21 July 2017 - 10:21 AM



Hi,

You may be able to find a solution on this topic.
https://www.reginout.com/help-center/pc-slow-windows-10-creators-update/

If in the last resort you decide to use the System Restore, after a restart of the computer run the Farbar tool.

The restore may also restore the items that I removed with my Farbar fix.
Please run the Farbar tool again and post fresh FRST and Addition.txt logs for my review.

Ensure that the box to create an Addition.txt file is marked so that a new file is created.

#14 TomV22


Posted 22 July 2017 - 11:30 AM

In regards to that above link, I also downloaded the RegInOut software and it claims to have found a lot of registry errors (807), junk files (1.08 gb), internet speed (26) and system speed issues (21).  I didn't buy the software yet, just ran the test software.   So are those values legit (i.e. put up numbers so one would buy the software)?



#15 nasdaq


Posted 22 July 2017 - 01:35 PM


Not recommended.
https://www.symantec.com/security_response/writeup.jsp?docid=2016-033014-0618-99
===

Run this tool - CCleaner.
https://www.piriform.com/ccleaner/download

I do not suggest you clean your Registry.



