Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser image, video searches by itself


  • This topic is locked This topic is locked
77 replies to this topic

#46 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:06 AM

Posted 06 September 2017 - 09:03 PM

Ideally we want to run that until you get a redirect. Shall I assume you haven't gotten one while running the program?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

BC AdBot (Login to Remove)

 


#47 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 07 September 2017 - 11:15 AM

I usually turn the computers off at night. When you say run the program do you mean that I should keep the program open but minimized? Or do you mean to run scan once the redirect occurs?

Right, we haven't had any redirects this week.

#48 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:06 AM

Posted 07 September 2017 - 12:46 PM

As long as the program is open it will monitor the Port. You can minimize it and just use your computer normally.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#49 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 08 September 2017 - 11:12 AM

Hi Gary,

 

We had another redirect last night on the laptop. It occurred earlier in the day, before leaving Currports open. I did post a text file.

 

Will continue to monitor into weekend. Looking at OpenDNS stats page, it shows that IPV6 address attempts. Hearing that there may be possible hacker avenues with Ipv6...just a thought.

 

Right now, the most redirects are occurring on my wifes new Moto G4 Android phone with a new phone number that is not connected to wifi. How is that possible? I added a google play filter that is blocking must, but not sure why she is a target. Even stranger is the redirects are similar to what had previously been seen on laptop.

 

thanks.



#50 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:06 AM

Posted 08 September 2017 - 02:16 PM

The only thing I can suggest is to find out what information is being synced to the phone.

Can you check your Bing location settings and confirm they are set to your area.

Edited by Oh My!, 08 September 2017 - 02:21 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#51 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 08 September 2017 - 05:03 PM

The only commonalities are Yahoo Mail that is her account. But that account is not connected to other programs. We setup a brand new Gmail account for the phone. I am sure I am missing something....

 

google accounts records the searches and I can see history of everyone.

 

Also reading about javascipts and how they can be used for redirects.



#52 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:06 AM

Posted 08 September 2017 - 07:53 PM

Hi Nick.
 

Please boot into Safe Mode with Networking and test your computer.

Were you able to do this?

I want to run a variety of things. You can post the results as you get them since you won't be able to just use one post.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
  • Run a FRST scan and copy/paste both logs in your reply
===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the icon to launch the program
  • Place a check mark in Scan All Users
  • Click Run Scan
  • Copy and paste the two reports in your next reply

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click on the mbar icon then select Run as administrator
  • Click OK to install it on your desktop
  • Click Next, then Update Database
  • When completed click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup then click Yes on the warning screen
  • A system-log.txt report will be created in the mbar folder on your Desktop, please copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • FRST report
  • Addition report
  • OTL reports (2)
  • RogueKiller report
  • MBAR report
  • MTB report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#53 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 02:45 PM

ok. working the various scans. The 1st is the Fixlog. followed by

Had problems with wifi working with Safemode. will try again later.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Donya (09-09-2017 12:32:22) Run:1
Running from C:\Users\Donya\Desktop
Loaded Profiles: Donya (Available Profiles: Donya)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15794760 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 10919388 B
Edge => 4613 B
Chrome => 154624 B
Firefox => 106687697 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 906262 B
Donya => 44111616 B

RecycleBin => 0 B
EmptyTemp: => 177.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:34:11 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Donya (administrator) on DONYA (09-09-2017 12:40:50)
Running from C:\Users\Donya\Desktop
Loaded Profiles: Donya (Available Profiles: Donya)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-01] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410608 2017-02-24] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
IFEO\MicrosoftEdge.exe: [Debugger] C:\Windows\system32\svchost.exe
Startup: C:\Users\Donya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{15f41b87-4fbb-45b5-8287-ae3251600c3b}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{15f41b87-4fbb-45b5-8287-ae3251600c3b}: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{a2edd166-89d2-48eb-bd49-9c58d35f7597}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

Edge:
======
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.29.0_neutral__343d40qqvtj1t [2017-07-06]

FireFox:
========
FF DefaultProfile: 1p7kpttt.default-1501736790557
FF ProfilePath: C:\Users\Donya\AppData\Roaming\Mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557 [2017-09-09]
FF Homepage: Mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557 -> about:home
FF Extension: (Block site) - C:\Users\Donya\AppData\Roaming\Mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-08-26]
FF Extension: (Firefox Screenshots) - C:\Users\Donya\AppData\Roaming\Mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557\features\{b2e9ac65-8489-407f-ac96-61b543b4ccd6}\screenshots@mozilla.org.xpi [2017-09-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-22] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-09]
CHR Extension: (Google Docs) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-20]
CHR Extension: (Google Drive) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-20]
CHR Extension: (YouTube) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Donya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382448 2017-02-24] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-16] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-16] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256688 2015-09-01] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation)
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2017-09-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [67248 2015-09-01] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 12:40 - 2017-09-09 12:41 - 000015204 _____ C:\Users\Donya\Desktop\FRST.txt
2017-09-09 12:32 - 2017-09-09 12:34 - 000004001 _____ C:\Users\Donya\Desktop\Fixlog.txt
2017-09-09 12:31 - 2017-09-09 12:31 - 002395648 _____ (Farbar) C:\Users\Donya\Desktop\FRST64.exe
2017-09-09 12:30 - 2017-09-09 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-09 12:24 - 2017-09-09 12:24 - 000000000 ____D C:\WINDOWS\pss
2017-09-06 18:45 - 2017-09-06 18:45 - 000118233 _____ C:\Users\Donya\Downloads\cports-x64.zip
2017-09-06 03:29 - 2017-09-06 03:29 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-06 03:29 - 2017-09-06 03:29 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-06 03:29 - 2017-09-06 03:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-06 03:29 - 2017-09-06 03:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-01 18:54 - 2017-09-01 18:54 - 000002082 _____ C:\Users\Donya\Desktop\PokerStars.net.lnk
2017-09-01 16:20 - 2017-09-06 18:46 - 000188112 _____ (NirSoft) C:\Users\Donya\Desktop\cports.exe
2017-09-01 16:19 - 2017-09-06 18:46 - 000026408 _____ C:\Users\Donya\Desktop\readme.txt
2017-09-01 16:19 - 2017-09-06 18:46 - 000020496 _____ C:\Users\Donya\Desktop\cports.chm
2017-08-26 19:34 - 2017-08-26 19:37 - 000000412 _____ C:\Users\Donya\Downloads\DisableMicrosoftEdge.reg
2017-08-20 23:09 - 2017-08-20 23:09 - 000003256 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2017-08-18 19:53 - 2017-09-09 12:36 - 000000000 ____D C:\Users\Donya\Desktop\laptop scans

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 12:40 - 2017-05-03 18:55 - 000000000 ____D C:\FRST
2017-09-09 12:38 - 2017-07-29 21:36 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F7CBF261-0FA6-4849-A65A-501D84059863}
2017-09-09 12:36 - 2017-05-15 16:57 - 000136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-09 12:35 - 2017-07-29 21:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-09 12:35 - 2017-07-29 21:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-09 12:35 - 2017-07-29 21:11 - 000389096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-09 12:35 - 2016-05-17 13:12 - 000000000 __SHD C:\Users\Donya\IntelGraphicsProfiles
2017-09-09 12:34 - 2017-04-07 10:14 - 000000000 ____D C:\Users\Donya\AppData\LocalLow\Temp
2017-09-09 12:34 - 2017-03-18 04:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-09 12:31 - 2015-09-02 23:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-09 12:23 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-09 12:20 - 2017-08-01 20:26 - 000000000 ____D C:\Users\Donya\AppData\Local\CrashDumps
2017-09-09 12:17 - 2017-05-09 21:55 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-08 23:33 - 2017-07-29 21:17 - 000000000 ____D C:\Users\Donya
2017-09-08 23:19 - 2014-11-08 22:21 - 000000000 ____D C:\Users\Donya\AppData\Local\PokerStars.NET
2017-09-08 22:43 - 2016-05-17 13:13 - 000000000 ____D C:\Users\Donya\AppData\Local\Comms
2017-09-08 21:33 - 2017-07-29 21:36 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-271341534-3625449929-2082456808-1001
2017-09-08 21:33 - 2016-05-17 13:17 - 000002402 _____ C:\Users\Donya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 21:33 - 2014-09-14 16:53 - 000000000 __RDO C:\Users\Donya\OneDrive
2017-09-08 20:34 - 2017-07-29 21:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-08 17:42 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-08 17:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-07 22:41 - 2014-09-14 16:50 - 000000000 ____D C:\Users\Donya\AppData\Local\Packages
2017-09-07 21:11 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-04 23:37 - 2017-07-29 21:34 - 001279298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-01 19:02 - 2014-11-08 22:21 - 000000000 ____D C:\Program Files (x86)\PokerStars.NET
2017-08-27 15:59 - 2016-09-20 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-26 19:43 - 2016-12-04 17:41 - 000000000 ____D C:\Users\Donya\AppData\LocalLow\Mozilla
2017-08-26 01:25 - 2017-04-19 20:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-22 16:18 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-18 19:50 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-17 21:31 - 2014-12-05 20:46 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-07-29 21:16 - 2017-07-29 21:16 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-05 06:44

==================== End of FRST.txt ============================



#54 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 03:12 PM

Didnt finish my previous sentence. The previous post contained the Fixit log and the FRST scan.

 

This post contains the OTL and Extra text.

 

OTL logfile created on: 9/9/2017 12:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Donya\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.15063.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.88 Gb Total Physical Memory | 9.08 Gb Available Physical Memory | 76.37% Memory free
13.70 Gb Paging File | 10.83 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.09 Gb Total Space | 846.68 Gb Free Space | 92.12% Space Free | Partition Type: NTFS
 
Computer Name: DONYA | User Name: Donya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2017/09/09 12:52:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Donya\Downloads\OTL.exe
PRC - [2017/08/26 01:25:09 | 000,532,432 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2017/07/10 22:40:18 | 000,626,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontdrvhost.exe
PRC - [2017/03/14 04:12:34 | 003,042,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
PRC - [2015/09/01 23:50:40 | 000,256,688 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
PRC - [2015/08/04 00:21:48 | 001,411,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
PRC - [2015/08/04 00:21:48 | 000,312,056 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
PRC - [2015/03/16 16:44:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/03/16 16:44:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/03/16 16:44:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017/09/06 03:29:48 | 000,049,992 | ---- | M] (Dropbox, Inc.) [Auto | Running] -- C:\Windows\SysNative\DbxSvc.exe -- (DbxSvc)
SRV:64bit: - [2017/08/04 23:13:46 | 000,053,208 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe -- (SupportAssistAgent)
SRV:64bit: - [2017/07/31 18:37:29 | 000,582,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2017/07/31 18:30:27 | 001,052,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TokenBroker.dll -- (TokenBroker)
SRV:64bit: - [2017/07/31 18:28:51 | 002,516,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2017/07/27 22:22:50 | 000,923,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2017/07/27 22:15:42 | 000,872,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2017/07/27 22:15:34 | 005,302,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2017/07/27 21:21:31 | 000,699,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2017/07/27 21:20:06 | 001,015,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2017/07/27 21:19:02 | 000,847,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2017/07/27 21:18:53 | 000,536,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2017/07/27 21:18:43 | 001,298,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lpasvc.dll -- (wlpasvc)
SRV:64bit: - [2017/07/27 21:18:23 | 000,777,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2017/07/27 21:18:00 | 000,586,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2017/07/27 21:17:20 | 002,805,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2017/07/27 21:14:12 | 001,305,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2017/07/27 21:10:44 | 000,625,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2017/07/27 21:08:47 | 000,600,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2017/07/27 21:06:24 | 001,833,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2017/07/27 11:44:20 | 000,208,760 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe -- (DDVCollectorSvcApi)
SRV:64bit: - [2017/07/27 11:44:06 | 003,294,584 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe -- (DDVDataCollector)
SRV:64bit: - [2017/07/27 11:41:26 | 000,217,464 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe -- (DDVRulesProcessor)
SRV:64bit: - [2017/07/10 22:40:35 | 000,336,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SecurityHealthService.exe -- (SecurityHealthService)
SRV:64bit: - [2017/07/10 22:40:35 | 000,102,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2017/07/10 22:40:26 | 000,647,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2017/07/10 22:40:26 | 000,192,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2017/07/10 22:40:23 | 001,067,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2017/07/10 22:40:23 | 000,802,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2017/07/10 22:40:23 | 000,681,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2017/07/10 22:40:23 | 000,555,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WFDSConMgrSvc.dll -- (WFDSConMgrSvc)
SRV:64bit: - [2017/07/10 22:40:23 | 000,301,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2017/07/10 22:40:23 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2017/07/10 22:40:20 | 001,177,600 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2017/07/10 22:40:20 | 001,046,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2017/07/10 22:40:20 | 000,970,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2017/07/10 22:40:20 | 000,632,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2017/07/10 22:40:20 | 000,548,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2017/07/10 22:40:20 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2017/03/18 13:59:53 | 000,428,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2017/03/18 13:58:33 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2017/03/18 13:58:32 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\DevicesFlowBroker.dll -- (DevicesFlowUserSvc)
SRV:64bit: - [2017/03/18 13:58:29 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2017/03/18 13:58:24 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2017/03/18 13:58:22 | 000,086,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2017/03/18 13:58:21 | 002,155,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2017/03/18 13:58:21 | 001,135,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2017/03/18 13:58:21 | 000,334,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2017/03/18 13:58:21 | 000,093,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicesFlowUserSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_66fac)
SRV:64bit: - [2017/03/18 13:58:18 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2017/03/18 13:58:17 | 001,191,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SEMgrSvc.dll -- (SEMgrSvc)
SRV:64bit: - [2017/03/18 13:58:17 | 000,772,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2017/03/18 13:58:17 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2017/03/18 13:58:16 | 000,524,288 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2017/03/18 13:58:16 | 000,342,528 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2017/03/18 13:58:16 | 000,072,704 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2017/03/18 13:58:13 | 000,276,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2017/03/18 13:58:12 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2017/03/18 13:58:10 | 001,628,672 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2017/03/18 13:58:10 | 001,284,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2017/03/18 13:58:10 | 000,302,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dusmsvc.dll -- (DusmSvc)
SRV:64bit: - [2017/03/18 13:58:10 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2017/03/18 13:58:09 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2017/03/18 13:58:09 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2017/03/18 13:58:07 | 000,233,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2017/03/18 13:58:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2017/03/18 13:58:07 | 000,182,272 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2017/03/18 13:58:04 | 000,301,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xbgmsvc.dll -- (xbgm)
SRV:64bit: - [2017/03/18 13:58:04 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2017/03/18 13:58:04 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2017/03/18 13:58:04 | 000,026,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2017/03/18 13:58:04 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xboxgipsvc.dll -- (XboxGipSvc)
SRV:64bit: - [2017/03/18 13:58:01 | 000,723,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NaturalAuth.dll -- (NaturalAuthentication)
SRV:64bit: - [2017/03/18 13:58:01 | 000,064,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipxlatcfg.dll -- (IpxlatCfgSvc)
SRV:64bit: - [2017/03/18 13:58:01 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2017/03/18 13:58:00 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2017/03/18 13:57:58 | 000,877,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2017/03/18 13:57:58 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2017/03/18 13:57:58 | 000,165,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2017/03/18 13:57:58 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2017/03/18 13:57:54 | 000,346,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2017/03/18 13:57:54 | 000,292,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2017/03/18 13:57:54 | 000,059,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2017/03/18 13:57:47 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2017/03/18 13:57:46 | 000,455,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2017/03/18 13:57:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2017/03/18 13:57:16 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2017/03/18 13:57:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2017/03/18 13:57:15 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2017/03/18 13:57:05 | 000,891,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Spectrum.exe -- (spectrum)
SRV:64bit: - [2017/03/18 13:57:03 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2017/03/18 13:57:00 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2017/03/18 13:56:44 | 000,342,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2017/03/18 13:56:44 | 000,307,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2017/03/18 13:56:44 | 000,307,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2017/03/18 13:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2017/03/18 13:56:20 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2017/03/18 13:56:19 | 000,431,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2017/03/14 04:12:34 | 003,042,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2017/02/24 19:07:20 | 000,382,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:64bit: - [2016/11/11 01:29:04 | 000,190,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\ibtsiva.exe -- (ibtsiva)
SRV:64bit: - [2015/09/01 23:50:40 | 000,256,688 | ---- | M] (Synaptics Incorporated) [Auto | Running] -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe -- (SynTPEnhService)
SRV:64bit: - [2015/08/04 00:21:48 | 000,312,056 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/30 21:18:16 | 000,015,720 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2017/08/26 01:25:09 | 000,175,568 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/07/31 19:09:58 | 000,394,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2017/07/31 19:06:46 | 000,798,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\TokenBroker.dll -- (TokenBroker)
SRV - [2017/07/27 21:38:58 | 004,213,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2017/07/27 21:33:17 | 000,583,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2017/07/18 20:28:35 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/07/10 22:40:35 | 000,969,728 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2017/03/18 13:58:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2017/03/18 13:56:20 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/02/24 19:07:20 | 000,310,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016/11/08 23:14:21 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2016/11/08 23:14:21 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2015/03/16 16:44:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/03/16 16:44:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/19 16:22:40 | 000,139,328 | ---- | M] (Aviata, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe -- (DellProdRegManager)
SRV - [2013/12/18 10:53:06 | 000,390,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/18 10:52:44 | 000,169,432 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/22 11:40:38 | 000,016,176 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2013/08/19 04:29:48 | 001,785,344 | ---- | M] (DELL Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe -- (WyseRemoteAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017/09/09 12:36:07 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017/07/31 19:38:08 | 000,382,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2017/07/27 22:15:43 | 000,554,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2017/07/27 21:27:13 | 000,051,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2017/07/27 21:25:25 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys -- (BthLEEnum)
DRV:64bit: - [2017/07/27 21:08:16 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2017/07/10 22:40:23 | 000,757,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2017/07/10 22:40:23 | 000,117,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2017/07/10 22:40:23 | 000,112,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2017/07/10 22:40:20 | 000,142,752 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2017/07/10 22:40:18 | 000,388,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2017/07/10 22:40:18 | 000,287,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2017/07/10 22:40:18 | 000,277,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2017/07/10 22:40:18 | 000,219,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2017/07/10 22:40:18 | 000,144,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2017/07/10 22:40:18 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2017/07/10 22:40:18 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2017/06/20 13:06:14 | 000,032,960 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver)
DRV:64bit: - [2017/06/20 13:06:14 | 000,032,568 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf)
DRV:64bit: - [2017/03/18 19:31:22 | 000,037,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2017/03/18 19:31:15 | 000,040,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys -- (SpatialGraphFilter)
DRV:64bit: - [2017/03/18 19:31:11 | 000,030,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2017/03/18 13:59:50 | 000,030,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2017/03/18 13:58:33 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2017/03/18 13:58:18 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2017/03/18 13:58:16 | 000,127,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2017/03/18 13:58:04 | 000,263,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2017/03/18 13:58:04 | 000,179,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2017/03/18 13:58:04 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2017/03/18 13:58:04 | 000,070,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2017/03/18 13:58:04 | 000,059,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2017/03/18 13:58:04 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2017/03/18 13:58:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2017/03/18 13:58:01 | 000,217,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)
DRV:64bit: - [2017/03/18 13:58:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\cldflt.sys -- (CldFlt)
DRV:64bit: - [2017/03/18 13:57:58 | 000,154,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2017/03/18 13:57:58 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2017/03/18 13:57:58 | 000,074,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2017/03/18 13:57:58 | 000,039,840 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2017/03/18 13:57:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2017/03/18 13:57:57 | 000,075,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2017/03/18 13:57:57 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2017/03/18 13:57:54 | 000,208,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2017/03/18 13:57:54 | 000,169,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2017/03/18 13:57:54 | 000,128,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2017/03/18 13:57:53 | 000,164,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2017/03/18 13:57:53 | 000,072,192 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2017/03/18 13:57:47 | 000,080,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2017/03/18 13:57:39 | 001,735,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2017/03/18 13:57:39 | 000,936,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2017/03/18 13:57:39 | 000,239,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2017/03/18 13:57:39 | 000,215,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2017/03/18 13:57:39 | 000,033,688 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2017/03/18 13:57:38 | 000,056,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2017/03/18 13:57:38 | 000,049,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2017/03/18 13:57:35 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2017/03/18 13:57:24 | 000,088,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2017/03/18 13:57:05 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2017/03/18 13:57:03 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2017/03/18 13:57:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2017/03/18 13:56:44 | 000,294,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2017/03/18 13:56:44 | 000,121,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2017/03/18 13:56:44 | 000,044,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2017/03/18 13:56:41 | 000,213,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2017/03/18 13:56:41 | 000,127,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2017/03/18 13:56:41 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2017/03/18 13:56:41 | 000,054,272 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2017/03/18 13:56:41 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2017/03/18 13:56:41 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2017/03/18 13:56:35 | 000,094,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2017/03/18 13:56:35 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2017/03/18 13:56:35 | 000,051,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2017/03/18 13:56:35 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2017/03/18 13:56:35 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2017/03/18 13:56:35 | 000,018,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2017/03/18 13:56:34 | 000,138,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2017/03/18 13:56:34 | 000,098,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2017/03/18 13:56:34 | 000,049,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2017/03/18 13:56:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2017/03/18 13:56:34 | 000,029,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2017/03/18 13:56:34 | 000,028,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2017/03/18 13:56:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2017/03/18 13:56:34 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2017/03/18 13:56:28 | 000,168,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys -- (iaLPSS2i_I2C_BXT_P)
DRV:64bit: - [2017/03/18 13:56:28 | 000,165,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2017/03/18 13:56:28 | 000,085,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys -- (iaLPSS2i_GPIO2_BXT_P)
DRV:64bit: - [2017/03/18 13:56:28 | 000,081,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2017/03/18 13:56:28 | 000,074,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2017/03/18 13:56:28 | 000,070,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2017/03/18 13:56:28 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2017/03/18 13:56:28 | 000,053,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAD.sys -- (CAD)
DRV:64bit: - [2017/03/18 13:56:28 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2017/03/18 13:56:28 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2017/03/18 13:56:28 | 000,033,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2017/03/18 13:56:28 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2017/03/18 13:56:28 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2017/03/18 13:56:28 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2017/03/18 13:56:26 | 000,673,184 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2017/03/18 13:56:26 | 000,587,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2017/03/18 13:56:26 | 000,405,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbhost.sys -- (mausbhost)
DRV:64bit: - [2017/03/18 13:56:26 | 000,101,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmem.sys -- (pmem)
DRV:64bit: - [2017/03/18 13:56:26 | 000,095,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2017/03/18 13:56:26 | 000,091,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2017/03/18 13:56:26 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvdimmn.sys -- (nvdimmn)
DRV:64bit: - [2017/03/18 13:56:26 | 000,078,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2017/03/18 13:56:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2017/03/18 13:56:26 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2017/03/18 13:56:26 | 000,051,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbip.sys -- (mausbip)
DRV:64bit: - [2017/03/18 13:56:26 | 000,036,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2017/03/18 13:56:26 | 000,031,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SDFRd.sys -- (SDFRd)
DRV:64bit: - [2017/03/18 13:56:26 | 000,029,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2017/03/18 13:56:26 | 000,016,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2017/03/18 13:56:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2017/03/18 13:56:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2017/03/18 13:56:25 | 002,104,224 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2017/03/18 13:56:25 | 001,135,512 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2017/03/18 13:56:25 | 000,842,656 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2017/03/18 13:56:25 | 000,526,240 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2017/03/18 13:56:25 | 000,347,032 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2017/03/18 13:56:25 | 000,305,568 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2017/03/18 13:56:25 | 000,259,488 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2017/03/18 13:56:25 | 000,123,808 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2017/03/18 13:56:25 | 000,122,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2017/03/18 13:56:25 | 000,108,960 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2017/03/18 13:56:25 | 000,107,424 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2017/03/18 13:56:25 | 000,103,328 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2017/03/18 13:56:25 | 000,083,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2017/03/18 13:56:25 | 000,082,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2017/03/18 13:56:25 | 000,064,920 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2017/03/18 13:56:25 | 000,064,416 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2017/03/18 13:56:25 | 000,064,416 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2017/03/18 13:56:25 | 000,063,904 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2017/03/18 13:56:25 | 000,061,848 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2017/03/18 13:56:25 | 000,058,784 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2017/03/18 13:56:25 | 000,032,160 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2017/03/18 13:56:25 | 000,031,136 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2017/03/18 13:56:25 | 000,027,040 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2017/03/18 13:56:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2017/03/18 13:56:25 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2017/03/18 13:56:23 | 003,419,040 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2017/03/18 13:56:23 | 000,533,920 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2017/03/18 13:56:23 | 000,074,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2017/03/18 13:56:23 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2017/03/18 13:56:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2017/03/18 13:56:20 | 003,485,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwbw02.sys -- (NETwNb64)
DRV:64bit: - [2017/03/18 13:56:20 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2017/03/18 13:56:19 | 000,119,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2017/03/18 13:56:19 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2017/03/18 13:56:19 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2017/03/18 13:56:19 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2017/03/18 13:56:19 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2017/02/24 19:07:20 | 007,974,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2016/11/11 01:29:04 | 000,230,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2016/05/12 05:32:26 | 000,481,768 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:10 | 000,109,272 | ---- | M] (Malwarebytes) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/01 23:50:38 | 000,628,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2015/09/01 23:50:38 | 000,067,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynRMIHID.sys -- (SynRMIHID)
DRV:64bit: - [2015/08/14 19:11:42 | 000,896,744 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/12/26 16:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/12/18 10:52:50 | 000,100,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/01 17:40:22 | 000,330,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/08/29 08:13:36 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/24 19:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2017/09/09 12:46:51 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F552EBC0-E88C-4243-B962-0B533DEEE00E}\MpKsl728a2fed.sys -- (MpKsl728a2fed)
DRV - [2017/03/18 13:56:19 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 7F D7 7F 37 35 16 D3 01  [binary data]
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 48 00 00 00 7D 81 8A 75 24 3A 17 9E E5 CC 83 E7 49 01 29 7F 32 5B 3D 14 BF C0 68 37 30 85 E2 6A AC 9C C1 41 0B E8 33 0C BB D7 AA C1 69 5E BC 70 93 ED 40 BB 8E 7A 02 6C E8 94 93 47 BE 27 97 0E BD 61 ED 88 70 0B 95 63 ED B3 E0 28 02 00 00 00 10 00 00 00 6E 25 32 62 76 46 7A 77 33 2F 57 65 34 25 33 64  [Binary data over 200 bytes]
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 55.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2016/09/20 19:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donya\AppData\Roaming\mozilla\Extensions
[2017/08/26 19:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donya\AppData\Roaming\mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557\extensions
[2017/08/26 19:38:26 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Donya\AppData\Roaming\mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2017/09/03 07:10:26 | 000,009,993 | ---- | M] () (No name found) -- C:\Users\Donya\AppData\Roaming\mozilla\firefox\profiles\1p7kpttt.default-1501736790557\features\{b2e9ac65-8489-407f-ac96-61b543b4ccd6}\followonsearch@mozilla.com.xpi
[2017/09/03 07:10:26 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\Donya\AppData\Roaming\mozilla\firefox\profiles\1p7kpttt.default-1501736790557\features\{b2e9ac65-8489-407f-ac96-61b543b4ccd6}\screenshots@mozilla.org.xpi
[2017/08/26 01:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2017/05/23 23:49:23 | 000,454,468 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 15604 more lines...
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-271341534-3625449929-2082456808-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-271341534-3625449929-2082456808-1001..\Run: [OneDrive] C:\Users\Donya\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-271341534-3625449929-2082456808-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - Startup: C:\Users\Donya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to trends - C:\Program Files (x86)\ShopBuddy BHO\ShopBuddyWorker.ContextMenu.htm File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to trends - C:\Program Files (x86)\ShopBuddy BHO\ShopBuddyWorker.ContextMenu.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.123 208.67.220.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15f41b87-4fbb-45b5-8287-ae3251600c3b}: DhcpNameServer = 208.67.222.123 208.67.220.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15f41b87-4fbb-45b5-8287-ae3251600c3b}: NameServer = 208.67.222.123,208.67.220.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a2edd166-89d2-48eb-bd49-9c58d35f7597}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\MicrosoftEdge.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MicrosoftEdge.exe: Debugger - C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/09/09 12:31:06 | 002,395,648 | ---- | C] (Farbar) -- C:\Users\Donya\Desktop\FRST64.exe
[2017/09/09 12:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017/09/09 12:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2017/09/06 03:29:48 | 000,049,992 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\DbxSvc.exe
[2017/09/06 03:29:48 | 000,045,672 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-dev.sys
[2017/09/06 03:29:48 | 000,045,640 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-stable.sys
[2017/09/06 03:29:48 | 000,045,640 | ---- | C] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-canary.sys
[2017/09/01 16:20:08 | 000,188,112 | ---- | C] (NirSoft) -- C:\Users\Donya\Desktop\cports.exe
[2017/08/18 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Donya\Desktop\laptop scans
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017/09/09 12:37:11 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/09/09 12:36:07 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017/09/09 12:35:54 | 000,000,180 | ---- | M] () -- C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2017/09/09 12:35:25 | 000,389,096 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017/09/09 12:35:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/09/09 12:35:09 | 809,062,399 | -HS- | M] () -- C:\hiberfil.sys
[2017/09/09 12:31:12 | 002,395,648 | ---- | M] (Farbar) -- C:\Users\Donya\Desktop\FRST64.exe
[2017/09/09 12:17:57 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2017/09/06 18:46:12 | 000,188,112 | ---- | M] (NirSoft) -- C:\Users\Donya\Desktop\cports.exe
[2017/09/06 18:46:11 | 000,020,496 | ---- | M] () -- C:\Users\Donya\Desktop\cports.chm
[2017/09/06 03:29:48 | 000,049,992 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\DbxSvc.exe
[2017/09/06 03:29:48 | 000,045,672 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-dev.sys
[2017/09/06 03:29:48 | 000,045,640 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-stable.sys
[2017/09/06 03:29:48 | 000,045,640 | ---- | M] (Dropbox, Inc.) -- C:\WINDOWS\SysNative\drivers\dbx-canary.sys
[2017/09/04 23:37:23 | 001,279,298 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017/09/04 23:37:23 | 001,047,900 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017/09/04 23:37:23 | 000,228,670 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017/09/01 18:54:45 | 000,002,082 | ---- | M] () -- C:\Users\Donya\Desktop\PokerStars.net.lnk
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/09/01 18:54:45 | 000,002,082 | ---- | C] () -- C:\Users\Donya\Desktop\PokerStars.net.lnk
[2017/09/01 16:19:58 | 000,020,496 | ---- | C] () -- C:\Users\Donya\Desktop\cports.chm
[2017/08/08 15:30:28 | 000,518,144 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2017/07/29 21:16:20 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2017/07/29 21:13:41 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/07/10 22:40:35 | 000,059,904 | ---- | C] () -- C:\WINDOWS\SysWow64\xboxgipsynthetic.dll
[2017/05/06 14:25:33 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2017/03/18 14:03:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2017/03/18 14:03:41 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2017/03/18 13:58:56 | 000,054,272 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2017/03/18 13:58:54 | 000,116,824 | ---- | C] () -- C:\WINDOWS\SysWow64\InputHost.dll
[2017/03/18 13:58:54 | 000,112,128 | ---- | C] () -- C:\WINDOWS\SysWow64\HeatCore.dll
[2017/03/18 13:58:54 | 000,086,528 | ---- | C] () -- C:\WINDOWS\SysWow64\WindowsDefaultHeatProcessor.dll
[2017/03/18 13:58:52 | 003,200,000 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2017/03/18 13:58:51 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2017/03/18 13:58:48 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2017/03/18 13:58:39 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SysWow64\ssdm.dll
[2017/03/18 13:58:37 | 001,859,072 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Mirage.dll
[2017/03/18 13:57:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2017/03/18 13:57:03 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017/07/27 22:16:51 | 007,326,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017/07/27 21:40:18 | 005,820,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2017/03/18 13:57:58 | 000,961,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2017/03/18 13:58:50 | 000,770,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2017/03/18 13:57:53 | 000,510,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Donya\OneDrive:ms-properties

< End of report >

 

 

OTL Extras logfile created on: 9/9/2017 12:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Donya\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.15063.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.88 Gb Total Physical Memory | 9.08 Gb Available Physical Memory | 76.37% Memory free
13.70 Gb Paging File | 10.83 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.09 Gb Total Space | 846.68 Gb Free Space | 92.12% Space Free | Partition Type: NTFS
 
Computer Name: DONYA | User Name: Donya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 4C D8 71 C5 EE 08 D3 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{302600C1-6BDF-4FD1-1311-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2)
"{3181229B-05DA-46F9-B8D4-4966BDA99A74}" = Intel® PROSet/Wireless WiFi Software
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4DFCD818-036A-4229-A67D-CF17DC461D92}" = Windows 10 Update and Privacy Settings
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{96714280-14E6-4DF7-BACD-F797C0F17C3D}" = Intel® Rapid Storage Technology
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{c7565395-3662-4b78-8c42-e7cf02c6edd7}" = Intel® PRO/Wireless Driver
"{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}" = Dell SupportAssistAgent
"{F838DF81-E9D3-4185-AFD2-B749EA1BA6BF}" = Update for Microsoft en-us Dictionary
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"PC-Doctor for Windows" = Dell SupportAssist
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}" = Dell Update
"{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}" = Intel® PROSet/Wireless Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}" = Dell Product Registration
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B93F8DC-1A79-46D7-9D8C-B4AB3CFBEBF1}" = iKnow Photo Resize PowerTool Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{D9752C7D-A595-4687-A0D5-362E9C311C55}" = PocketCloud
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player NPAPI" = Adobe Flash Player 26 NPAPI
"Dropbox" = Dropbox
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 55.0.3 (x86 en-US)" = Mozilla Firefox 55.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenDNS Updater" = OpenDNS Updater 2.2.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-271341534-3625449929-2082456808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/8/2017 2:23:54 AM | Computer Name = Donya | Source = Application Error | ID = 1000
Description = Faulting application name: wwahost.exe, version: 10.0.15063.540, time
 stamp: 0xc9671128  Faulting module name: biwinrt.dll, version: 10.0.15063.0, time
 stamp: 0x87ee4a59  Exception code: 0xe0464645  Fault offset: 0x00000000000156f9  Faulting
 process id: 0x253b0  Faulting application start time: 0x01d3286b0b4d30ec  Faulting
application path: C:\WINDOWS\system32\wwahost.exe  Faulting module path: C:\Windows\System32\biwinrt.dll
Report
 Id: 09111472-db5f-43b8-88c8-76d70342ac1b  Faulting package full name: YahooInc.YahooMail_1.7.0.23_neutral__xvnatx83ncrvj
Faulting
 package-relative application ID: YahooInc.YahooMail
 
Error - 9/8/2017 3:16:59 AM | Computer Name = Donya | Source = Perflib | ID = 1008
Description =
 
Error - 9/8/2017 2:32:42 PM | Computer Name = Donya | Source = Dell System Detect | ID = 0
Description = <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The
 '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[
   at System.Xml.XmlDocument.CheckName(String name)     at System.Xml.XmlElement..ctor(XmlName
 name, Boolean empty, XmlDocument doc)     at System.Xml.XmlDocument.CreateElement(String
 prefix, String localName, String namespaceURI)     at System.Xml.XmlDocument.CreateElement(String
 name)     at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String
 type, String value)]]></StackTrace><SysInfo STag="FG91TZ1" SMBIOSMajVer="2" SMBIOSMinVer="7"
 SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140509000000.000000+000" DSDVersion=""
 Vendor="Dell Inc." PName="Inspiron 5547" Ident_Num="DONYA" TimeZone="(UTC-07:00)
 Arizona" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.50.11</HostIP></Exception>
 
Error - 9/8/2017 2:32:43 PM | Computer Name = Donya | Source = Dell System Detect | ID = 0
Description = <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The
 '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[
   at System.Xml.XmlDocument.CheckName(String name)     at System.Xml.XmlElement..ctor(XmlName
 name, Boolean empty, XmlDocument doc)     at System.Xml.XmlDocument.CreateElement(String
 prefix, String localName, String namespaceURI)     at System.Xml.XmlDocument.CreateElement(String
 name)     at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String
 type, String value)]]></StackTrace><SysInfo STag="FG91TZ1" SMBIOSMajVer="2" SMBIOSMinVer="7"
 SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140509000000.000000+000" DSDVersion=""
 Vendor="Dell Inc." PName="Inspiron 5547" Ident_Num="DONYA" TimeZone="(UTC-07:00)
 Arizona" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.50.11</HostIP></Exception>
 
Error - 9/8/2017 4:20:58 PM | Computer Name = Donya | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 9/8/2017 4:21:07 PM | Computer Name = Donya | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 9/9/2017 3:20:50 PM | Computer Name = Donya | Source = Application Error | ID = 1000
Description = Faulting application name: SystemSettings.exe, version: 10.0.15063.502,
 time stamp: 0x7c8bd05a  Faulting module name: msvcrt.dll, version: 7.0.15063.0, time
 stamp: 0x3280d1b7  Exception code: 0x40000015  Fault offset: 0x000000000000ad32  Faulting
 process id: 0x8e0  Faulting application start time: 0x01d329a0ad17ae97  Faulting application
 path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe  Faulting module path:
C:\WINDOWS\System32\msvcrt.dll  Report Id: 91edfe03-b7d7-4ef7-af42-06c0bd18edc2  Faulting
 package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting
 package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error - 9/9/2017 3:32:28 PM | Computer Name = Donya | Source = VSS | ID = 8194
Description =
 
Error - 9/9/2017 3:33:27 PM | Computer Name = Donya | Source = Perflib | ID = 1008
Description =
 
Error - 9/9/2017 3:33:37 PM | Computer Name = Donya | Source = VSS | ID = 8193
Description =
 
[ System Events ]
Error - 9/7/2017 1:47:41 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:48:18 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:48:55 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:48:58 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:04 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:06 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:08 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:21 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:52 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2017 1:49:55 PM | Computer Name = Donya | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 



#55 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 03:15 PM

forgot to post with previous FRST scan. This is the ADDITION scan.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Donya (09-09-2017 12:42:07)
Running from C:\Users\Donya\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-30 04:48:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-271341534-3625449929-2082456808-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-271341534-3625449929-2082456808-503 - Limited - Disabled)
Donya (S-1-5-21-271341534-3625449929-2082456808-1001 - Administrator - Enabled) => C:\Users\Donya
Guest (S-1-5-21-271341534-3625449929-2082456808-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-271341534-3625449929-2082456808-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
iKnow Photo Resize PowerTool Setup (HKLM-x32\...\{9B93F8DC-1A79-46D7-9D8C-B4AB3CFBEBF1}) (Version: 1.0.0 - none)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E4EE779-7526-4E16-B254-19EC84B05D6B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {100A7E64-7CFA-42B9-8D7F-FC3FB4D704AD} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {1E940183-A947-4686-888B-59A8EFD47AE4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {20F0E06D-98FB-402F-B5E5-E7697959A059} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {29FEFB46-DDA9-42BD-96CB-E1D35A9B9FE2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2EF04429-07B9-420C-8D16-3320BC5B37BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3504025C-8799-4296-8241-8E2DE3FEE509} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {42F8408E-D7A9-481D-8AE4-F629761C57D2} - \WPD\SqmUpload_S-1-5-21-271341534-3625449929-2082456808-1001 -> No File <==== ATTENTION
Task: {44A392A8-9FB9-4980-A683-3FE4C33964CE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5EFB6C95-FB4A-4F7C-B308-422FAF3D25D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {610233DF-EA57-456C-94EF-6618CBCCFCC7} - System32\Tasks\{863CAA73-3FF1-4A6B-974E-236016AF8BF0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Donya\Downloads\PokerStarsInstall (12).exe" -d C:\Users\Donya\Downloads -c "C:\Users\Donya\Downloads\PokerStarsInstall (10).exe" "C:\Users\Donya\Downloads\PokerStarsInstall (11).exe"
Task: {61C2B7E4-2CBB-4E29-9A5B-6E8003C7962E} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {62BEA6DA-1312-43DA-AFAD-1B338D9C4E41} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {6465EC36-8455-4788-871D-9ADC23789126} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {6768EAD8-110F-4527-96A3-24603C579D0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6F976172-F140-4EFA-A778-D948F8501EC7} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {709E3458-2064-4391-BA1E-30450BEEE79A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {71AB68E6-65AE-441C-9270-4660FD4C027F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {76F9E707-3557-4032-B9B2-EE55B84BE8BF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {76FB8927-2690-40C9-80D4-0B8FA53E5652} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {7749B81E-1810-472E-82AE-879A272BE8A3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {7F1CBE1E-3D3F-4214-AF0B-B6FC255A95B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {83BCB0BD-DE70-4E51-B2C1-D9570BCB320C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {86F926DD-7A8C-4071-9A2D-B6C857BD53A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {96E693A1-0472-41A8-8557-589CE849A020} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {9A6EC13D-42B8-4254-A999-0D9F9C42465E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AADD1741-37BF-4DE1-8DD2-2271C5C0E89D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B6FF90CD-2113-4420-86B3-165012B6012D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C023EC1D-1516-45E4-A271-6C3E308D1A45} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C1E1352E-7640-4BA1-9B56-74DBFF643769} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {D13E5BA3-44A1-411B-AB51-93DBB80A2D76} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-07-11] (Microsoft Corporation)
Task: {E126CA85-17D5-4D4F-B926-1051A45DF9F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {EDB0BBAF-CD11-4057-BE71-83614D81B2E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FAE12AF7-84F9-4766-9A76-096C197788F6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-01] (Synaptics Incorporated)
Task: {FEC522E6-D7F5-46AB-B546-982E9E30DA49} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-02-22 15:27 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-24 18:53 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-24 19:07 - 2017-02-24 19:07 - 000410608 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-22 21:53 - 2017-08-22 21:54 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 21:53 - 2017-08-22 21:54 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 21:53 - 2017-08-22 21:54 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 21:53 - 2017-08-22 21:54 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2010-06-16 14:42 - 2010-06-16 14:42 - 000839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\123simsen.com -> www.123simsen.com

There are 7935 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-03 19:54 - 2017-05-23 23:49 - 000454468 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15598 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-271341534-3625449929-2082456808-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Donya\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PC-Doctor for Windows REBOOT"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-271341534-3625449929-2082456808-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-08-2017 19:50:04 Windows Modules Installer
25-08-2017 22:43:00 Scheduled Checkpoint
05-09-2017 12:43:38 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2017 12:33:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (09/09/2017 12:33:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/09/2017 12:32:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {22489163-a529-45aa-b634-2f94580e3703}

Error: (09/09/2017 12:20:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.15063.502, time stamp: 0x7c8bd05a
Faulting module name: msvcrt.dll, version: 7.0.15063.0, time stamp: 0x3280d1b7
Exception code: 0x40000015
Fault offset: 0x000000000000ad32
Faulting process id: 0x8e0
Faulting application start time: 0x01d329a0ad17ae97
Faulting application path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 91edfe03-b7d7-4ef7-af42-06c0bd18edc2
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (09/08/2017 01:21:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DONYA)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/08/2017 01:20:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DONYA)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/08/2017 11:32:43 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="FG91TZ1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140509000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5547" Ident_Num="DONYA" TimeZone="(UTC-07:00) Arizona" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.50.11</HostIP></Exception>

Error: (09/08/2017 11:32:42 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="FG91TZ1" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A04" SMBIOSPresent="True" Rel_Date="20140509000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5547" Ident_Num="DONYA" TimeZone="(UTC-07:00) Arizona" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.50.11</HostIP></Exception>

Error: (09/08/2017 12:16:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/07/2017 11:23:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 10.0.15063.540, time stamp: 0xc9671128
Faulting module name: biwinrt.dll, version: 10.0.15063.0, time stamp: 0x87ee4a59
Exception code: 0xe0464645
Fault offset: 0x00000000000156f9
Faulting process id: 0x253b0
Faulting application start time: 0x01d3286b0b4d30ec
Faulting application path: C:\WINDOWS\system32\wwahost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 09111472-db5f-43b8-88c8-76d70342ac1b
Faulting package full name: YahooInc.YahooMail_1.7.0.23_neutral__xvnatx83ncrvj
Faulting package-relative application ID: YahooInc.YahooMail


System errors:
=============
Error: (09/09/2017 12:35:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/09/2017 12:34:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/09/2017 12:33:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Definition Update for Windows Defender - KB2267602 (Definition 1.251.706.0).

Error: (09/09/2017 12:33:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2017 12:33:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-09-09 12:36:48.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-09 12:36:48.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-09 12:26:41.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-09 12:26:41.484
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-09 12:08:02.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-09 12:08:02.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-08 20:36:02.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-08 20:36:02.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-08 13:20:59.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-08 13:20:59.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 22%
Total physical RAM: 12168.96 MB
Available physical RAM: 9415.45 MB
Total Virtual: 14024.96 MB
Available Virtual: 11175.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.09 GB) (Free:846.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 65726D00)

Partition: GPT.

==================== End of Addition.txt ============================



#56 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 04:16 PM

RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Donya [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/09/2017 13:19:54 (Duration : 00:43:02)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] beb3251352027b71ea32e234c7e57a66
[BSP] 5d8b4167e986362a1cac4a7422451b1e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 941151 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1930385408 | Size: 928 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1932285952 | Size: 10369 MB
User = LL1 ... OK
User = LL2 ... OK

 



#57 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 05:56 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.540.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 12760080384, free: 7041740800

Downloaded database version: v2017.09.09.07
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
------------ Kernel report ------------
     09/09/2017 14:19:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\HalExtIntcLpioDma.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\Netwbw02.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\iaLPSSi_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\DellRbtn.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\DDDriver64Dcsa.sys
\SystemRoot\system32\drivers\DellProf.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\SynRMIHID.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\Drivers\RtsUVStor.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F552EBC0-E88C-4243-B962-0B533DEEE00E}\MpKsl728a2fed.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.09.09.07
  rootkit: v2017.08.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff94061e336060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff94061d1359f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff94061e336060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff94061b14f200, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff94061bdc33c0, DeviceName: \Device\0000002f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 65726D00

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2626627799
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 719577dc-448d-4092-9c61-71b29f1b8e2c
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2626627799
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 719577dc-448d-4092-9c61-71b29f1b8e2c
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6f9b5ccd-a2f1-466e-a710-7aebb3c86ccb
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID 693ca2ad-50e1-4b56-90a0-d9aef6b039d5
    FirstLBA 1026048  Last LBA 1107967
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 5e0969f4-529e-48db-a36d-853828e84d1
    FirstLBA 1107968  Last LBA 1370111
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e25fda12-805f-4e6c-ac1d-235d9e39b6b
    FirstLBA 1370112  Last LBA 2906111
    Attributes 1
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID bcdcff3e-db59-4c0c-a742-298a8eff63c5
    FirstLBA 2906112  Last LBA 1930384249
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 11172843-dddf-408c-9c94-ccc43b2927e8
    FirstLBA 1930385408  Last LBA 1932285951
    Attributes 1
    Partition Name                                     

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 22d30898-feed-4d15-a0dd-01429bf502c
    FirstLBA 1932285952  Last LBA 1953523119
    Attributes 1
    Partition Name         Microsoft recovery partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Donya\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3F81E697CF9647CF6AB2E9BADECEF654C8FAF9A4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3F81E697CF9647CF6AB2E9BADECEF654C8FAF9A4.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3F81E697CF9647CF6AB2E9BADECEF654C8FAF9A4.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#58 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 06:03 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Donya (administrator) on 09-09-2017 at 16:02:15
Running from "C:\Users\Donya\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Inspiron 5547 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15596 entries.

========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Donya
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : EC-F4-BB-96-4C-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : A0-88-69-4D-DB-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : A0-88-69-4D-DB-40
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, September 9, 2017 12:35:17 PM
   Lease Expires . . . . . . . . . . : Sunday, September 10, 2017 12:35:19 PM
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 208.67.222.123
                                       208.67.220.123
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:cca:3b30:bbfc:8ff0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cca:3b30:bbfc:8ff0%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 268435456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-0E-90-3A-EC-F4-BB-96-4C-01
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  resolver1-fs.opendns.com
Address:  208.67.222.123

Name:    google.com
Addresses:  2607:f8b0:4007:80a::200e
      216.58.216.46


Pinging google.com [216.58.216.46] with 32 bytes of data:
Reply from 216.58.216.46: bytes=32 time=22ms TTL=55
Reply from 216.58.216.46: bytes=32 time=21ms TTL=55

Ping statistics for 216.58.216.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server:  resolver1-fs.opendns.com
Address:  208.67.222.123

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      206.190.36.45
      98.139.180.149
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=68ms TTL=53
Reply from 98.138.253.109: bytes=32 time=66ms TTL=53

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 68ms, Average = 67ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...ec f4 bb 96 4c 01 ......Realtek PCIe FE Family Controller
  4...a0 88 69 4d db 41 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...a0 88 69 4d db 40 ......Intel® Dual Band Wireless-AC 3160
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.50.1    192.168.50.11     36
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.50.0    255.255.255.0         On-link     192.168.50.11    291
    192.168.50.11  255.255.255.255         On-link     192.168.50.11    291
   192.168.50.255  255.255.255.255         On-link     192.168.50.11    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.50.11    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.50.11    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 16    331 2001::/32                On-link
 16    331 2001:0:9d38:90d7:cca:3b30:bbfc:8ff0/128
                                    On-link
 16    331 fe80::/64                On-link
 16    331 fe80::cca:3b30:bbfc:8ff0/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

**** End of log ****
 



#59 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:06 AM

Posted 09 September 2017 - 06:14 PM

Thank you for all of that work, I appreciate it.

I will be away from my computer for a few hours starting at about 4:30 my time.

Please do this.

===================================================

Run OTL Fix

--------------------
  • Double click on the otlicon.png icon on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
:OTL
IE:64bit: - HKLM\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
IE - HKLM\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
IE - HKU\S-1-5-21-271341534-3625449929-2082456808-1001\..\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
O8:64bit: - Extra context menu item: Add to trends - C:\Program Files (x86)\ShopBuddy BHO\ShopBuddyWorker.ContextMenu.htm File not found
O8 - Extra context menu item: Add to trends - C:\Program Files (x86)\ShopBuddy BHO\ShopBuddyWorker.ContextMenu.htm File not found
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}
:Commands
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and paste that report in your next reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
zip: C:\Users\Donya\AppData\Roaming\Mozilla\Firefox\Profiles\1p7kpttt.default-1501736790557\prefs.js
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • OTL report
  • Fixlog
  • Attached file
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#60 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 09 September 2017 - 06:34 PM

ll processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ not found.
HKEY_USERS\S-1-5-21-271341534-3625449929-2082456808-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-271341534-3625449929-2082456808-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AD87CD2-6D3F-4711-93C1-AA29E9A06A0B}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to trends\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to trends\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Donya
->Temp folder emptied: 1930320 bytes
->Temporary Internet Files folder emptied: 338 bytes
->FireFox cache emptied: 30829721 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13018936 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 44.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Donya
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Donya
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09092017_163101

Files\Folders moved on Reboot...
File move failed. C:\Users\Donya\AppData\Local\Microsoft\Windows\INetCache\counters2.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\DONYA-20170909-1235.log moved successfully.
C:\WINDOWS\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\WINDOWS\temp\FXSTIFFDebugLogFile.txt moved successfully.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20170909123513904).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20170909123514904).log not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users