
User Acct Control window shows constantly, keyboard stops working


  • This topic is locked
5 replies to this topic

#1 Thelonius


Posted 06 November 2017 - 12:40 AM

So, I'm not sure if I'm infected, but the behavior is just too weird. What happens is that all of a sudden the User Account Control window pops up whenever I want to open a program, or even when I go back to a program that is already open. The keyboard will stop working, or if it does work, it types none of the words I'm actually typing--it's just gibberish. When I do a restart of the computer, the problem seems to go away, but then comes back after a few days or so. I lowered the security settings in User Account Control down to a "not recommended" level. This seemed to work for a few weeks until just about an hour ago. I have Windows 10 on a Dell Inspiron 5000 series. Thanks for any help and advice.
 
Here are my FRST logs:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by CyLargesse (administrator) on DESKTOP-M79LQ4P (06-11-2017 00:21:45)
Running from C:\Users\CyLargesse\Downloads
Loaded Profiles: CyLargesse (Available Profiles: CyLargesse)
Platform: Windows 10 Home Version 1709 16299.19 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\igfxEM.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\CyLargesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3893296 2016-05-17] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-11] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25621648 2017-10-09] (Google)
HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\Run: [Spotify Web Helper] => C:\Users\CyLargesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-05-03] (Spotify Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a8272000-207b-45ec-a5a4-2d219a3218c9}: [DhcpNameServer] 172.41.1.171
Tcpip\..\Interfaces\{cb076d34-4a59-4b82-90a7-e2af56aa8cc3}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-680518151-4235330687-31992823-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-680518151-4235330687-31992823-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-680518151-4235330687-31992823-1001 -> DefaultScope {2F235E92-1027-4736-AB1E-2D88C4D10D71} URL = 
SearchScopes: HKU\S-1-5-21-680518151-4235330687-31992823-1001 -> {2F235E92-1027-4736-AB1E-2D88C4D10D71} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Slides) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-05]
CHR Extension: (MEGA) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-11-02]
CHR Extension: (YouTube) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-05]
CHR Extension: (Adobe Acrobat) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-28]
CHR Extension: (Sheets) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-05]
CHR Extension: (Avast Online Security) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\CyLargesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]
CHR HKU\S-1-5-21-680518151-4235330687-31992823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-11] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-05] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-05-18] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-11] (AVAST Software)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [79928 2017-01-05] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-05] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [358968 2017-01-05] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [30816 2016-05-24] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [140896 2016-06-05] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [78432 2016-06-08] (Intel)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-06] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp.)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 00:21 - 2017-11-06 00:21 - 000020374 _____ C:\Users\CyLargesse\Downloads\FRST.txt
2017-11-06 00:21 - 2017-11-06 00:21 - 000000000 ____D C:\FRST
2017-11-06 00:19 - 2017-11-06 00:19 - 002403328 _____ (Farbar) C:\Users\CyLargesse\Downloads\FRST64.exe
2017-11-04 11:26 - 2017-11-04 11:26 - 000295565 _____ C:\Users\CyLargesse\Downloads\HW 07 - solutions to assigned - Stats 412 - F17.pdf
2017-11-03 22:06 - 2017-11-03 22:06 - 000000293 _____ C:\Users\CyLargesse\Downloads\JMP.per
2017-11-03 22:05 - 2017-11-03 22:06 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\SAS
2017-11-03 21:58 - 2017-11-03 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMP 13
2017-11-03 21:57 - 2017-11-03 21:57 - 000000000 ____D C:\Program Files\SAS
2017-11-03 21:54 - 2017-11-03 21:54 - 000000000 ____D C:\Users\CyLargesse\Downloads\JMPPro13.1Win9BQHHN
2017-11-02 16:23 - 2017-11-02 16:19 - 000000954 _____ C:\Users\CyLargesse\Downloads\JMP131_9BRP4B_70114140_Win_X64.txt
2017-11-02 16:20 - 2017-11-02 16:23 - 910172248 _____ C:\Users\CyLargesse\Downloads\JMPPro13.1Win9BQHHN.zip
2017-11-02 15:02 - 2017-11-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 06:58 - 2017-11-01 06:58 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-01 06:58 - 2017-11-01 06:58 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-01 06:58 - 2017-11-01 06:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-01 06:58 - 2017-11-01 06:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-28 10:20 - 2017-10-28 10:31 - 000000000 ____D C:\Users\CyLargesse\Documents\Math Return
2017-10-26 13:37 - 2017-10-26 09:46 - 000000000 ____D C:\Windows.old
2017-10-26 10:54 - 2017-10-26 10:54 - 000000000 ____D C:\Users\CyLargesse\AppData\Local\PlaceholderTileLogoFolder
2017-10-26 09:59 - 2017-10-26 09:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-10-26 09:57 - 2017-10-26 09:57 - 000000020 ___SH C:\Users\CyLargesse\ntuser.ini
2017-10-26 09:57 - 2017-10-26 09:57 - 000000000 ___RD C:\Users\CyLargesse\3D Objects
2017-10-26 09:57 - 2017-10-26 09:57 - 000000000 ___HD C:\Users\CyLargesse\MicrosoftEdgeBackups
2017-10-26 09:50 - 2017-10-26 09:50 - 000000000 ____D C:\ProgramData\USOShared
2017-10-26 09:47 - 2017-11-06 00:09 - 000908996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-26 09:45 - 2017-11-06 00:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-26 09:45 - 2017-11-05 23:48 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF0D953F-0779-4570-8F7C-47C4F389B264}
2017-10-26 09:45 - 2017-10-30 22:17 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-10-26 09:45 - 2017-10-30 14:20 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-680518151-4235330687-31992823-1001
2017-10-26 09:45 - 2017-10-26 09:45 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-10-26 09:45 - 2017-10-26 09:45 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-10-26 09:45 - 2017-10-26 09:45 - 000003808 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-10-26 09:45 - 2017-10-26 09:45 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-26 09:45 - 2017-10-26 09:45 - 000003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-10-26 09:45 - 2017-10-26 09:45 - 000003370 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1504404131
2017-10-26 09:45 - 2017-10-26 09:45 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-26 09:45 - 2017-10-26 09:45 - 000003258 _____ C:\WINDOWS\System32\Tasks\MATLAB R2017b Startup Accelerator
2017-10-26 09:45 - 2017-10-26 09:45 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-10-26 09:45 - 2017-10-26 09:45 - 000003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-10-26 09:45 - 2017-10-26 09:45 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-26 09:45 - 2017-10-26 09:45 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-10-26 09:45 - 2017-10-26 09:45 - 000003098 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-10-26 09:45 - 2017-10-26 09:45 - 000002978 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-10-26 09:45 - 2017-10-26 09:45 - 000002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-26 09:45 - 2017-10-26 09:45 - 000002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-10-26 09:45 - 2017-10-26 09:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-680518151-4235330687-31992823-1001
2017-10-26 09:45 - 2017-10-26 09:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-26 09:45 - 2017-10-26 09:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-10-26 09:41 - 2017-10-29 14:34 - 000000000 ____D C:\Users\CyLargesse\AppData\Local\Packages
2017-10-26 09:41 - 2017-10-26 09:41 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-10-26 09:41 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-10-26 09:40 - 2017-10-26 09:57 - 000000000 ____D C:\Users\CyLargesse
2017-10-26 09:40 - 2017-10-26 09:40 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2017-10-26 09:39 - 2017-11-05 20:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-26 09:39 - 2017-10-26 09:43 - 000394520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-26 09:39 - 2017-01-03 18:53 - 000122368 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-10-26 09:39 - 2017-01-03 18:53 - 000104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-10-25 23:35 - 2017-10-26 13:37 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-10-25 23:35 - 2017-10-26 09:53 - 001029872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-10-25 23:35 - 2017-10-25 23:35 - 000000000 ___DL C:\ProgramData\SWCUTemp
2017-10-25 23:35 - 2017-10-11 20:44 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-25 23:35 - 2017-10-11 20:44 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-25 23:35 - 2017-10-11 20:44 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-25 23:35 - 2017-09-02 21:02 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-10-25 23:35 - 2017-08-21 01:15 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150329614082807
2017-10-25 23:35 - 2017-08-21 01:15 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150329613123403
2017-10-25 23:35 - 2017-07-27 13:39 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150118079868703
2017-10-25 23:35 - 2017-07-09 14:53 - 001015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.150329614082807
2017-10-25 23:35 - 2017-07-09 14:53 - 000360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149963001434306
2017-10-25 23:35 - 2017-03-11 22:27 - 000547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148928928609304
2017-10-25 23:30 - 2017-10-25 23:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-10-25 23:26 - 2017-10-25 23:26 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 023664128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 021752832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 019343360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 018913792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 017080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 008592280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-25 23:26 - 2017-10-25 23:26 - 008097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 006032896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 004744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 003681280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 003672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 003312432 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 002474080 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001633744 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001528912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-25 23:26 - 2017-10-25 23:26 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-25 23:26 - 2017-10-25 23:26 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-10-25 23:26 - 2017-10-25 23:26 - 000769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-10-25 23:26 - 2017-10-25 23:26 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000045976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-25 23:26 - 2017-10-25 23:26 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-25 23:26 - 2017-10-25 23:26 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-25 23:20 - 2017-10-25 23:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-10-25 23:20 - 2017-10-25 23:20 - 000000000 ____D C:\Program Files\MSBuild
2017-10-25 23:20 - 2017-10-25 23:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-10-25 23:20 - 2017-10-25 23:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-25 23:19 - 2017-10-25 23:19 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-10-25 23:19 - 2017-10-25 23:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-10-25 23:19 - 2017-10-25 23:19 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-25 23:19 - 2017-10-25 23:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-10-25 23:19 - 2017-10-25 23:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-10-25 23:19 - 2017-10-25 23:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-10-25 23:11 - 2017-10-25 23:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-10-25 20:52 - 2017-10-26 09:57 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-20 03:08 - 2017-10-20 03:08 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-10-19 23:18 - 2017-10-19 23:18 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-10-16 00:39 - 2017-10-26 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2017b
2017-10-16 00:39 - 2017-10-16 00:39 - 000000588 _____ C:\WINDOWS\Tasks\MATLAB R2017b Startup Accelerator.job
2017-10-15 22:56 - 2017-10-15 22:56 - 000000000 ____D C:\Users\CyLargesse\Downloads\_temp_matlab_R2017b_win64
2017-10-11 08:36 - 2017-10-11 08:36 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-08 15:39 - 2017-10-24 08:19 - 000000000 ____D C:\Users\CyLargesse\Documents\MyTiData
2017-10-08 15:39 - 2017-10-08 15:39 - 000000000 ____D C:\Program Files\DIFX
2017-10-08 15:38 - 2017-10-25 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2017-10-08 15:38 - 2017-10-08 15:38 - 000000000 ____D C:\Program Files (x86)\TI Education
2017-10-08 15:12 - 2017-10-08 15:12 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\com.ti.et.elg.tiConnect.TIConnectApplication
2017-10-08 15:05 - 2017-10-08 15:05 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\Texas Instruments
2017-10-08 15:05 - 2017-10-08 15:05 - 000000000 ____D C:\ProgramData\Oracle
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 00:03 - 2016-12-05 02:35 - 000000000 ___RD C:\Users\CyLargesse\Google Drive
2017-11-06 00:02 - 2017-10-04 08:31 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-06 00:02 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-06 00:02 - 2016-12-05 00:51 - 000000000 __SHD C:\Users\CyLargesse\IntelGraphicsProfiles
2017-11-06 00:00 - 2017-09-07 14:57 - 000045056 _____ C:\Users\CyLargesse\AppData\Local\WebpageIcons.db
2017-11-06 00:00 - 2017-09-07 14:55 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\RStudio
2017-11-06 00:00 - 2017-09-07 14:55 - 000000000 ____D C:\Users\CyLargesse\AppData\Local\RStudio-Desktop
2017-11-06 00:00 - 2017-09-03 07:51 - 000000008 _____ C:\Users\CyLargesse\Documents\.Rhistory
2017-11-05 23:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-05 23:49 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-05 23:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-05 23:49 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-04 20:14 - 2017-07-05 04:24 - 000000000 ____D C:\Users\CyLargesse\Documents\STATS406
2017-11-04 12:29 - 2017-09-10 07:19 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\TIDAL
2017-11-03 21:57 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-03 21:57 - 2016-10-15 14:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-03 21:57 - 2016-10-15 14:39 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-02 15:02 - 2016-10-15 14:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-02 10:06 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-01 17:59 - 2017-04-30 18:12 - 000000219 _____ C:\Users\CyLargesse\Desktop\life goes.txt
2017-10-30 18:44 - 2017-09-02 23:45 - 000000000 ____D C:\Users\CyLargesse\Documents\MATLAB
2017-10-30 14:20 - 2016-12-05 00:53 - 000002376 _____ C:\Users\CyLargesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 14:20 - 2016-12-05 00:53 - 000000000 ___RD C:\Users\CyLargesse\OneDrive
2017-10-30 08:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-10-29 15:56 - 2017-09-18 09:30 - 000000000 ____D C:\Users\CyLargesse\Documents\auntie
2017-10-29 15:56 - 2017-05-31 13:08 - 000000156 _____ C:\Users\CyLargesse\Desktop\bankruptcy questions.txt
2017-10-29 14:21 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-29 14:18 - 2016-10-15 14:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-27 10:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-10-26 14:54 - 2017-09-29 08:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-26 14:54 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-26 13:38 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-10-26 13:37 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2017-10-26 13:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-26 13:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-10-26 13:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-26 13:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-26 13:37 - 2017-09-15 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-26 13:37 - 2017-09-15 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-26 13:37 - 2017-09-07 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2017-10-26 13:37 - 2017-09-07 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2017-10-26 13:37 - 2017-06-22 19:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2017-10-26 13:37 - 2017-05-21 18:37 - 000000000 ____D C:\Program Files\Intel
2017-10-26 13:37 - 2017-05-18 14:21 - 000000000 ____D C:\Program Files\UNP
2017-10-26 13:37 - 2017-04-30 12:12 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2017-10-26 13:37 - 2017-04-30 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2017-10-26 13:37 - 2017-03-30 01:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-10-26 13:37 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-10-26 13:37 - 2017-03-12 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-10-26 13:37 - 2016-12-17 14:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-10-26 13:37 - 2016-12-10 18:40 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-10-26 13:37 - 2016-12-05 02:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-26 13:37 - 2016-10-15 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-10-26 13:37 - 2016-10-15 14:41 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-10-26 13:37 - 2016-10-15 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-10-26 09:57 - 2016-12-05 00:51 - 000000000 ____D C:\Users\CyLargesse\AppData\Local\TileDataLayer
2017-10-26 09:57 - 2016-04-25 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-26 09:50 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-10-26 09:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2017-10-26 09:45 - 2017-08-21 01:40 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-26 09:45 - 2016-12-11 02:00 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-10-26 09:42 - 2016-12-05 01:35 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlacSquisher
2017-10-26 09:41 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-26 09:41 - 2017-09-10 07:19 - 000000000 ____D C:\Users\CyLargesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TIDAL
2017-10-26 09:40 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-26 09:40 - 2017-05-21 18:38 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-10-26 09:40 - 2017-05-21 18:38 - 000000000 ____D C:\Program Files\Waves
2017-10-26 09:40 - 2017-05-21 18:37 - 000110423 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-10-26 09:40 - 2017-05-21 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-10-26 09:39 - 2017-05-21 18:37 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-10-25 23:41 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-10-25 23:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-25 23:35 - 2017-08-21 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-10-25 23:35 - 2017-05-21 18:37 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-10-25 23:35 - 2017-05-21 18:37 - 000000000 ____D C:\WINDOWS\Firmware
2017-10-25 23:35 - 2017-05-21 18:37 - 000000000 ____D C:\Program Files\Realtek
2017-10-25 23:35 - 2016-12-10 18:40 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-10-25 23:27 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-10-25 23:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-10-25 20:50 - 2016-12-05 02:05 - 000000307 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2017-10-25 20:49 - 2016-10-15 14:39 - 000000000 ____D C:\Program Files\Dell
2017-10-24 08:29 - 2016-12-05 02:32 - 000000000 ____D C:\Users\CyLargesse\Documents\visas
2017-10-24 08:28 - 2016-12-05 02:32 - 000000000 ____D C:\Users\CyLargesse\Documents\mapics
2017-10-22 22:47 - 2017-07-22 23:08 - 000000111 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2017-10-16 00:42 - 2017-09-02 23:22 - 000000000 ____D C:\ProgramData\MathWorks
2017-10-15 23:01 - 2017-09-02 21:29 - 000000000 ____D C:\Users\CyLargesse\Downloads\MathWorks
2017-10-15 22:57 - 2017-09-02 21:25 - 000000000 ____D C:\Program Files\MATLAB
2017-10-11 20:44 - 2017-06-09 00:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-11 20:44 - 2016-12-05 02:41 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-11 08:38 - 2016-12-07 13:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 08:36 - 2016-12-07 13:38 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-09 07:43 - 2017-09-15 08:01 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-07 12:49 - 2017-07-04 16:19 - 000000000 ____D C:\Users\CyLargesse\Documents\ENGL232
 
==================== Files in the root of some directories =======
 
2017-04-09 07:57 - 2017-04-09 07:57 - 000007607 _____ () C:\Users\CyLargesse\AppData\Local\Resmon.ResmonCfg
2017-09-07 14:57 - 2017-11-06 00:00 - 000045056 _____ () C:\Users\CyLargesse\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-05 12:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by CyLargesse (06-11-2017 00:22:14)
Running from C:\Users\CyLargesse\Downloads
Windows 10 Home Version 1709 16299.19 (X64) (2017-10-26 14:46:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-680518151-4235330687-31992823-500 - Administrator - Disabled)
CyLargesse (S-1-5-21-680518151-4235330687-31992823-1001 - Administrator - Enabled) => C:\Users\CyLargesse
DefaultAccount (S-1-5-21-680518151-4235330687-31992823-503 - Limited - Disabled)
Guest (S-1-5-21-680518151-4235330687-31992823-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-680518151-4235330687-31992823-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Drive (HKLM-x32\...\{AC117AF9-316B-4E1D-959E-F0EB85B0DC5F}) (Version: 2.34.7100.0000 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.313 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{b3c2a365-876b-4588-97ce-5ab104b07d57}) (Version: 3.0.30.1076 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{66614300-cd9b-4a62-8b18-c97e9562dc3e}) (Version: 19.50.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{7F65AED2-5B3C-40DD-996B-6F8820856F34}) (Version: 3.0.30.1076 - Intel Corporation) Hidden
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
JMP Pro 13 (HKLM-x32\...\{4DC2278F-75CE-4316-A76B-F5206C1CEE02}) (Version: 13.1.0 - SAS Institute Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MATLAB R2017b (HKLM\...\Matlab R2017b) (Version: 9.3 - MathWorks)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
R for Windows 3.4.1 (HKLM\...\R for Windows 3.4.1_is1) (Version: 3.4.1 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.153 - RStudio)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Spotify (HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TIDAL (HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\TIDAL) (Version: 2.1.11 - TIDAL Music AS)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-680518151-4235330687-31992823-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\igfxDTCM.dll [2017-01-03] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13EA4216-5D34-45BC-8EA9-25F743D9AC9E} - System32\Tasks\MATLAB R2017b Startup Accelerator => C:\Program Files\MATLAB\R2017b\bin\win64\MATLABStartupAccelerator.exe [2017-07-24] ()
Task: {196A22DE-6B4B-4194-A5E2-0224CA797800} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-05] (Dropbox, Inc.)
Task: {1D709376-54C0-4321-9D8C-6751A7745466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {1EC5CD26-3842-4027-B4F5-8E675B197BF4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1FB37FE0-E51E-4562-BA8A-228CF13FB83A} - System32\Tasks\S-1-5-21-680518151-4235330687-31992823-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {228F4F02-5D60-4AB3-ADA2-EF18EFD11A90} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {2E6ED8C8-53E5-4C2C-8FEE-4EF7A5CE6449} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {3A27F915-BD99-4286-93BA-59A30995F12F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {403B8E03-B019-4E23-AF94-E22C79083680} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-05] (Google Inc.)
Task: {6351DD67-1A8C-4E6A-B7D0-1CC15C1E1CC2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {762AB8AD-EBC1-4921-BD7B-65FA76C80478} - System32\Tasks\SafeZone scheduled Autoupdate 1504404131 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {7BCCD929-0104-485C-B868-62AE636B908D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-11] (AVAST Software)
Task: {846EBE65-1536-4651-AA5D-702AF04968A0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-29] (Microsoft Corporation)
Task: {9AEA3A8A-66A3-4019-B9DA-34037592F66A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-29] (Microsoft Corporation)
Task: {A4BC4509-08D7-40FF-96F9-2FCA296B2F0C} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-18] (Realtek Semiconductor)
Task: {B7BD0C12-DC5C-441F-B256-3C396F5FD8C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-05] (Google Inc.)
Task: {C00C4F72-8B4E-4CB4-9ADD-8267D75DCC1C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {C7A851AB-EF95-44DA-8C39-8C40C23545B3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {CB5C6374-BDA5-47CD-AE65-53A0AD16CF33} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D3DF83FE-E6C3-46E5-BFB7-AF5D00F2DA46} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D6418660-8869-446D-9032-5D08631D4EA8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {EBF49145-880C-465A-8E9C-878D38B8E3B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {EE9CB44B-8D78-481B-A2F7-9CBA20DA64CB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
Task: {F264F7D3-58F9-4BEC-A841-5A9DA12F7860} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-29] (Microsoft Corporation)
Task: {FCC2F22E-94D5-456F-9EBA-923E12116B64} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-05] (Dropbox, Inc.)
Task: {FCF60E10-393D-4D35-ACDC-D72BF0F59B2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2017b Startup Accelerator.job => C:\Program Files\MATLAB\R2017b\bin\win64\MATLABStartupAccelerator.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-15 08:01 - 2017-10-09 07:43 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-15 14:53 - 2017-10-19 23:25 - 008929464 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-30 13:06 - 2017-10-30 13:06 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-30 13:06 - 2017-10-30 13:06 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-30 13:06 - 2017-10-30 13:06 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-30 13:06 - 2017-10-30 13:06 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-10-11 20:44 - 2017-10-11 20:44 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-11 20:44 - 2017-10-11 20:44 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-09 14:53 - 2017-07-09 14:53 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-11 20:44 - 2017-10-11 20:44 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-11 20:44 - 2017-10-11 20:44 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-11 20:44 - 2017-10-11 20:44 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-25 08:44 - 2017-10-25 08:44 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-06 00:03 - 2017-11-06 00:03 - 000098816 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32api.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000110080 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\pywintypes27.dll
2017-11-06 00:03 - 2017-11-06 00:03 - 000364544 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\pythoncom27.dll
2017-11-06 00:03 - 2017-11-06 00:03 - 000320512 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32com.shell.shell.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000914432 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_hashlib.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 001176576 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._core_.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000806400 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._gdi_.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000816128 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._windows_.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 001067008 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._controls_.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000733184 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._misc_.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000682496 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\pysqlite2._sqlite.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000088064 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_ctypes.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000686080 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\unicodedata.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000119808 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32file.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000108544 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32security.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000007168 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\hashobjs_ext.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000017920 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\thumbnails_ext.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000088064 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\usb_ext.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000012800 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\common.time34.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000018432 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32event.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000167936 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32gui.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000046080 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_socket.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 001303552 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_ssl.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000128512 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_elementtree.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000127488 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\pyexpat.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000038912 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32inet.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000036864 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_psutil_windows.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000524248 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\windows._lib_cacheinvalidation.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000011264 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32crypt.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000123392 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._wizard.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000077312 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._html2.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000027648 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_multiprocessing.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000020480 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\_yappi.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000035840 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32process.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000078848 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\wx._animate.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000024064 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32pipe.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000010240 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\select.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000025600 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32pdh.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000017408 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32profile.pyd
2017-11-06 00:03 - 2017-11-06 00:03 - 000022528 ____R () C:\Users\CyLargesse\AppData\Local\Temp\_MEI103762\win32ts.pyd
2017-11-02 15:02 - 2017-11-01 06:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-02 15:02 - 2017-11-01 06:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-05 12:00 - 2017-11-01 06:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-02 15:02 - 2017-11-01 06:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-02 15:02 - 2017-11-01 06:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-05 12:00 - 2017-11-01 06:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-11-02 15:02 - 2017-11-01 06:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-11-02 15:02 - 2017-11-01 06:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-05 12:00 - 2017-11-01 07:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 19:28 - 2017-11-01 06:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-10 05:04 - 2017-11-01 07:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-05 12:00 - 2017-11-01 06:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-08-05 12:00 - 2017-11-01 07:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-02 15:02 - 2017-11-01 06:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-02 15:02 - 2017-11-01 07:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-11-02 15:02 - 2017-11-01 06:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-11-02 15:02 - 2017-11-01 07:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-05 12:00 - 2017-11-01 07:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-02 15:02 - 2017-11-01 07:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-05 12:00 - 2017-11-01 07:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-02 15:02 - 2017-11-01 07:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-05-16 23:50 - 2016-05-16 23:50 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-680518151-4235330687-31992823-1001\...\sharepoint.com -> hxxps://5d55e1824c5a44e68bc2-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-680518151-4235330687-31992823-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CyLargesse\Pictures\tumblr_okw7xigtjz1vura5zo1_1280.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6FB94865-197B-475E-BE07-A3DED16C7028}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4E8B82A5-59E0-4A90-9FED-4A4120A059C1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6F44110D-41DD-4B27-93E0-2B2593C5C3B4}C:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{3B1B89EA-6E7D-4575-B6AA-43B8FFB49502}C:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [{E2C0CCE6-99BE-4258-B5B0-35DFB9A1E46F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{12FFF9A2-FB23-4D0B-9373-D0F1FE5172A2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{03B9A51C-4544-4EE7-9BAB-A519C173CCFA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{598F463A-F461-42AC-8E3C-7814313D12F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2DF43521-0052-4D4B-8E80-A4AB6DE0D919}] => (Block) C:\users\cylargesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{91B8794E-3669-45F1-AAA8-58F1E233BBE2}] => (Block) C:\users\cylargesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ECB19C71-BA66-41BC-928E-BD01919E5DE9}C:\users\cylargesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cylargesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5EFDB2F5-36DB-4971-A6C2-C1F4C5FD81AD}C:\users\cylargesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cylargesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1F505A1B-4BF6-41C2-9E50-548B35DD8591}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C9B31BD-7C62-43D2-B0C7-50F2E3C64B77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{631B4670-D658-45CC-9B4C-C0615089A9C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59383700-8ACF-4049-9380-1BD56793B584}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{333D9EC0-3D53-4347-9A3C-37A6BF924125}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CD1E69CF-3287-4053-B815-5D1823DFF759}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{81744827-4082-436F-9B9D-2A53361A8282}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{32EEB470-6697-428A-8EE5-F79A6DDDA295}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E829D8EA-D072-4EEC-B8C7-493F0D458841}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
27-10-2017 10:51:09 Windows Update
03-11-2017 21:52:30 SEANjmP
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2017 12:03:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/05/2017 11:51:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/05/2017 11:50:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/05/2017 11:49:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/05/2017 11:34:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/04/2017 07:27:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/04/2017 10:35:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/03/2017 10:04:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/03/2017 09:52:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/03/2017 04:09:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
 
System errors:
=============
Error: (11/06/2017 12:17:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/06/2017 12:08:49 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-M79LQ4P)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-M79LQ4P\CyLargesse SID (S-1-5-21-680518151-4235330687-31992823-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/06/2017 12:03:21 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-M79LQ4P)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-M79LQ4P\CyLargesse SID (S-1-5-21-680518151-4235330687-31992823-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/05/2017 11:45:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/05/2017 11:45:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (11/05/2017 08:10:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (11/05/2017 08:10:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (11/05/2017 08:10:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (11/05/2017 08:10:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (11/05/2017 08:10:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-06 00:17:46.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:17:46.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:17:46.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:17:46.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:12:54.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:12:54.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:12:49.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:12:49.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:07:23.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-06 00:07:23.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8061.23 MB
Available physical RAM: 5090.54 MB
Total Virtual: 9341.23 MB
Available Virtual: 5403.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:225.48 GB) (Free:110.74 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:1243.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: ACAA1426)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 8CF50370)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:55 AM

Posted 06 November 2017 - 05:31 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::  
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {3A27F915-BD99-4286-93BA-59A30995F12F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {3A27F915-BD99-4286-93BA-59A30995F12F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 

Let me know how the computer is doing after a restart.


Under Hurricane Emergency, expect delays on my responses

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Thelonius

Thelonius
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:55 AM

Posted 07 November 2017 - 12:10 AM

After the FRST64 ran the script you wrote, it forced me to restart the computer. It wasn't mentioned in your post that that could happen, so I hope I didn't do something wrong. The Malwarebytes AdwareCleaner didn't return any infections and so it didn't reboot the computer. I guess I'd have to wait some time to observe how my computer acts to give a proper report back. Thanks for your time and kindness.
 
 
Here are my logs:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by CyLargesse (06-11-2017 23:53:00) Run:1
Running from C:\Users\CyLargesse\Downloads
Loaded Profiles: CyLargesse (Available Profiles: CyLargesse)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {3A27F915-BD99-4286-93BA-59A30995F12F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {3A27F915-BD99-4286-93BA-59A30995F12F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A27F915-BD99-4286-93BA-59A30995F12F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A27F915-BD99-4286-93BA-59A30995F12F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A27F915-BD99-4286-93BA-59A30995F12F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-680518151-4235330687-31992823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-680518151-4235330687-31992823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {0C092F14-D3C1-47DC-981F-912838A70E7D}.
{1FD45DC4-BAE6-490F-BC11-4318578D1B2F} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20099348 B
Java, Flash, Steam htmlcache => 891 B
Windows/system/drivers => 3913635 B
Edge => 11338 B
Chrome => 403787639 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1642 B
NetworkService => 0 B
CyLargesse => 102150123 B
 
RecycleBin => 1488968082 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:54:12 ====
 
 
 
 
# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 05:02:15 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-06-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#4 JSntgRvr

Posted 07 November 2017 - 02:37 PM

Yes. Let me know if that behavior continues.




#5 JSntgRvr

Posted 08 November 2017 - 05:30 PM

How is it doing?




#6 JSntgRvr

Posted 10 November 2017 - 05:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





