Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Gmail Bugs Allow Changing From: Field and Spoofing Recipient's Address

Featured Deal: Get 98% off The Ultimate Java Programming Bundle: Lifetime Access Bundle

Trovi, cityextension page infection?

Started by some1uknown , Mar 22 2018 02:02 PM

This topic is locked

16 replies to this topic

#1 some1uknown

Members
19 posts
OFFLINE

Gender:Male
Location:LA
Local time:06:35 PM

Posted 22 March 2018 - 02:02 PM

Hey everyone,

I currently have a problem where everytime I try to do any kind of search it attempts to redirect me to trovi and then goes to cityextension page and then bing even though I try to use google search. I'm not sure where to start, can anyone help me out?

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 nasdaq

Malware Response Team
40,476 posts
OFFLINE

Gender:Male
Location:Montreal, QC. Canada
Local time:08:35 PM

Posted 23 March 2018 - 08:02 AM

Please download Malwarebytes Anti-Malware from here

Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Let me know what problems persists.
==============================

#3 some1uknown

Topic Starter

Members
19 posts
OFFLINE

Gender:Male
Location:LA
Local time:06:35 PM

Posted 23 March 2018 - 02:18 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018

Ran by RG (administrator) on DESKTOP-NNGBV58 (23-03-2018 12:12:07)

Running from C:\Users\RG\Downloads

Loaded Profiles: RG (Available Profiles: john & RG)

Platform: Windows 10 Home Version 1703 15063.850 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\snnmagisvc.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Windows\System32\ibtsiva.exe

(ExamSoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Examplify\Services\Examsoft.SoftShield.exe

(Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe

(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe

(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxEM.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\IntelCpHeciSvc.exe

(Spotify Ltd) C:\Users\RG\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

() C:\Users\RG\AppData\Local\vskbtin\vskbtin.exe

() C:\Users\RG\AppData\Local\snmbzhp\upbdlak.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe

(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe

(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe

(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe

() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

(Igor Pavlov) C:\Program Files\7-Zip\7zFM.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe

(Microsoft Corporation) C:\Program Files\rempl\remsh.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.994_none_9e3edae32dc31172\TiWorker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Users\RG\Downloads\AdwCleaner.exe

() C:\Users\RG\AppData\Local\vskbtin\avbcmrg.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Farbar) C:\Users\RG\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9244152 2017-09-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502712 2017-09-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502712 2017-09-14] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2016-03-03] (Dell Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)

HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\QFSCHD180.EXE [235688 2016-04-11] (Corel Corporation)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-22] (Adobe Systems Incorporated)

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [prsetup.exe] => "C:\Users\RG\AppData\Local\Temp\is-RG620.tmp\prsetup.exe" /logon <==== ATTENTION

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [glossed] => "C:\Program Files (x86)\Kilbride\freely.exe"

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [troubleshoot] => "C:\Program Files (x86)\nite\troubleshoot.exe"

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [Spotify] => C:\Users\RG\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-05] (Spotify Ltd)

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [Spotify Web Helper] => C:\Users\RG\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-05] (Spotify Ltd)

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Run: [VPN Unlimited] => C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-launcher.exe [390656 2018-02-08] (KeepSolid Inc.)

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\MountPoints2: {602083e3-9734-11e7-aa77-c6fc230078ca} - "D:\Menschen A1 iZU Installer.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.10

Tcpip\Parameters: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{15bfc9d1-0aa6-4c92-9c21-08421c9fb9cb}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{5bbd4e15-2a52-4717-8762-6edcfc7353cc}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{5bbd4e15-2a52-4717-8762-6edcfc7353cc}: [DhcpNameServer] 10.208.0.1

Tcpip\..\Interfaces\{bbf4e5d2-03c8-4459-b946-b38389474d39}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{bbf4e5d2-03c8-4459-b946-b38389474d39}: [DhcpNameServer] 192.168.1.10

Tcpip\..\Interfaces\{d81a3c86-8508-4bba-a698-475d94a38171}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{dba504f6-4bd4-4a10-8da7-a9d9c41911ad}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{f125daea-e93e-4866-a5e9-7ab74b60d3fb}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{f78f8f52-b489-11e7-be9a-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE

SearchScopes: HKLM -> DefaultScope {38F4ED6B-AFC0-495F-A68C-6F7B00D20D7F} URL =

SearchScopes: HKLM-x32 -> DefaultScope {38F4ED6B-AFC0-495F-A68C-6F7B00D20D7F} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)

Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: 4huayhak.default

FF ProfilePath: C:\Users\RG\AppData\Roaming\Mozilla\Firefox\Profiles\4huayhak.default [2018-01-25]

FF Homepage: Mozilla\Firefox\Profiles\4huayhak.default -> hxxps://www.malwarebytes.org/restorebrowser//?serie=225&b=2&installkey=H4AjRzNivqBKxBw9HbbJ

FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-22]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)

FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2016-07-17] ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-24] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]

CHR Extension: (Slides) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]

CHR Extension: (Docs) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]

CHR Extension: (Google Drive) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]

CHR Extension: (YouTube) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-24]

CHR Extension: (Facebook) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-01-24]

CHR Extension: (Adblock Plus) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]

CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2018-01-24]

CHR Extension: (Spotify - Music for every moment) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2018-01-24]

CHR Extension: (Adobe Acrobat) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-24]

CHR Extension: (Gmail Offline) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-01-24]

CHR Extension: (Google Calendar) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-24]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2018-01-24]

CHR Extension: (Pandora) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-01-24]

CHR Extension: (Highlight to Search) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2018-03-22]

CHR Extension: (Chrome Remote Desktop) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-01-24]

CHR Extension: (Google Docs Offline) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]

CHR Extension: (AdBlock) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-21]

CHR Extension: (Save to Google Drive) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-01-24]

CHR Extension: (Google Keep - notes and lists) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-03-21]

CHR Extension: (Google Play Music) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2018-01-24]

CHR Extension: (Lexis Views) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkegekhgmfgblcgjknebnmbdhndfpdl [2018-01-24]

CHR Extension: (Google Play) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2018-01-24]

CHR Extension: (Save as PDF) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2018-01-24]

CHR Extension: (StayFocusd) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2018-03-20]

CHR Extension: (Build with Chrome) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2018-01-24]

CHR Extension: (Google Maps) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-24]

CHR Extension: (Google Keep Chrome Extension) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-03-05]

CHR Extension: (Google Classroom) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2018-01-24]

CHR Extension: (Print) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2018-01-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-24]

CHR Extension: (Gmail) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-24]

CHR Extension: (Chrome Media Router) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\plngxwc <==== ATTENTION (Rootkit!)

R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-09-30] (Intel Corporation)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)

R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)

R2 ExamplifyService; C:\Program Files (x86)\Examsoft\Examplify\Services\Examsoft.SoftShield.exe [225816 2018-02-23] (ExamSoft Worldwide Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)

R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)

R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]

S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)

S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2017-09-14] (Intel)

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()

R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [1197200 2016-05-13] (Logitech)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]

R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]

R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)

R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)

S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-09-27] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333304 2017-09-14] (Realtek Semiconductor)

R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2016-07-17] ()

R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2017-03-26] (Hewlett-Packard)

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-26] (TeamViewer GmbH)

R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [286208 2018-02-08] (KeepSolid Inc.) [File not signed]

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-18] (Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-18] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)

S2 Dell Foundation Services; "C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)

R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)

R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)

R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)

R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()

R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-20] (Intel Corporation)

R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)

R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)

R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-22] (Malwarebytes)

S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-29] (Malwarebytes)

R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7638776 2017-04-19] (Intel Corporation)

R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()

S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)

R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2017-09-11] (Realtek Semiconductor Corp.)

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-24] ()

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [File not signed]

R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-18] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-18] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-18] (Microsoft Corporation)

R3 ilosvy; system32\drivers\orvybe.sys [X]

S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]

S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 12:11 - 2018-03-23 12:11 - 002403328 _____ (Farbar) C:\Users\RG\Downloads\FRST64 (1).exe

2018-03-23 12:11 - 2018-03-23 12:11 - 000001517 _____ C:\Users\RG\Desktop\AdwCleaner[S3].txt

2018-03-23 12:03 - 2018-03-23 12:03 - 000001244 _____ C:\Users\RG\Desktop\malwarebytes.txt

2018-03-22 23:26 - 2018-03-22 23:40 - 000000000 ____D C:\Users\RG\Downloads\The Good Place Season 2

2018-03-22 23:19 - 2018-03-22 23:19 - 000142672 ____N C:\WINDOWS\system32\Drivers\upaknrux.sys

2018-03-22 23:17 - 2018-03-23 11:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC

2018-03-22 11:58 - 2018-03-22 13:03 - 000000000 ____D C:\Users\RG\Desktop\mbar

2018-03-22 11:58 - 2018-03-22 13:03 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2018-03-22 11:58 - 2018-03-22 11:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\RG\Downloads\mbar-1.10.3.1001.exe

2018-03-22 11:58 - 2018-03-22 11:58 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1366A5FB.sys

2018-03-22 11:58 - 2018-03-22 11:58 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2018-03-22 11:17 - 2018-03-22 11:17 - 000945188 _____ C:\Users\RG\Downloads\Spring 2018 Week 9 In re Hammond PT Session.pptx

2018-03-22 10:44 - 2018-03-22 10:44 - 001075542 _____ C:\Users\RG\Downloads\Week 11 PPT for TWEN.pptx

2018-03-22 00:06 - 2018-03-22 00:06 - 008222496 _____ (Malwarebytes) C:\Users\RG\Downloads\AdwCleaner.exe

2018-03-21 19:24 - 2018-03-23 12:12 - 000030922 _____ C:\Users\RG\Downloads\FRST.txt

2018-03-21 19:24 - 2018-03-22 11:54 - 000063232 _____ C:\Users\RG\Downloads\Addition.txt

2018-03-21 19:23 - 2018-03-23 12:12 - 000000000 ____D C:\FRST

2018-03-21 19:14 - 2018-03-21 19:20 - 002403328 _____ (Farbar) C:\Users\RG\Downloads\FRST64.exe

2018-03-21 18:08 - 2018-03-21 18:08 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\RG\Downloads\flashplayer29_xa_install.exe

2018-03-21 14:55 - 2018-03-23 11:53 - 000000797 _____ C:\Users\RG\Desktop\Windows 10 Update Assistant.lnk

2018-03-20 14:07 - 2018-03-20 14:12 - 000876713 _____ C:\Users\RG\Documents\FEBRUARY STATEMENT.pdf

2018-03-20 12:49 - 2018-03-20 14:04 - 001450888 _____ C:\Users\RG\Documents\JANUARY STATEMENTturn to FEBRUARY.pdf

2018-03-20 11:55 - 2018-03-20 11:55 - 000647827 _____ C:\Users\RG\Downloads\CreditCardStatementFEBRUARY.pdf

2018-03-20 11:54 - 2018-03-20 12:12 - 001326581 _____ C:\Users\RG\Downloads\JANUARY STATEMENT.pdf

2018-03-20 11:54 - 2018-03-20 11:54 - 000888277 _____ C:\Users\RG\Downloads\JANUARY STATEMENT (1).pdf

2018-03-20 11:54 - 2018-03-20 11:54 - 000738612 _____ C:\Users\RG\Downloads\CreditCardStatementMARCH.pdf

2018-03-20 11:54 - 2018-03-20 11:54 - 000242858 _____ C:\Users\RG\Downloads\CreditCardStatementDECEMBER.pdf

2018-03-19 11:28 - 2018-03-19 11:28 - 000000000 ____D C:\Users\RG\AppData\Local\Microsoft Help

2018-03-17 23:33 - 2018-03-17 23:33 - 000000000 ____D C:\Users\RG\AppData\Roaming\de.hueber.menschena1izu

2018-03-17 23:32 - 2018-03-17 23:32 - 000001357 _____ C:\Users\Public\Desktop\Menschen A1 Lerner-DVD-ROM zum Kursbuch.lnk

2018-03-17 23:29 - 2017-11-23 13:18 - 1084015929 _____ C:\Users\RG\Desktop\101901_Menschen_A1_KB_Lerner-DVD-ROM.air

2018-03-17 23:14 - 2018-03-17 23:27 - 955707289 _____ C:\Users\RG\Downloads\301901_Menschen_A11_KB_Lerner-DVD-ROM.zip

2018-03-17 23:14 - 2018-03-17 23:22 - 450238617 _____ C:\Users\RG\Downloads\501901_Menschen_A12_KB_Lerner-DVD-ROM.zip

2018-03-17 23:14 - 2018-03-17 23:19 - 209034660 _____ C:\Users\RG\Downloads\501902_Menschen_A22_KB_Lerner-DVD-ROM.zip

2018-03-17 23:14 - 2018-03-17 23:19 - 194140766 _____ C:\Users\RG\Downloads\301902_Menschen_A21_KB_Lerner-DVD-ROM.zip

2018-03-17 23:13 - 2018-03-17 23:27 - 1083570886 _____ C:\Users\RG\Downloads\101901_Menschen_A1_KB_Lerner-DVD-ROM.zip

2018-03-17 23:13 - 2018-03-17 23:20 - 384547330 _____ C:\Users\RG\Downloads\101902_Menschen_A2_KB_Lerner-DVD-ROM.zip

2018-03-17 23:12 - 2018-03-17 23:12 - 197368832 _____ C:\Users\RG\Downloads\505427_chiaro_A1_iKB.zip

2018-03-17 23:09 - 2018-03-17 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber

2018-03-17 23:09 - 2018-03-17 23:32 - 000000000 ____D C:\Program Files (x86)\Hueber

2018-03-17 23:09 - 2018-03-17 23:09 - 000001107 _____ C:\Users\Public\Desktop\AusBlick 1 iKB.lnk

2018-03-17 23:09 - 2018-03-17 23:09 - 000000000 ____D C:\Users\RG\AppData\Roaming\de.hueber.ausblick1b1

2018-03-17 23:06 - 2018-03-17 23:07 - 158439778 _____ C:\Users\RG\Downloads\131860_Ausblick_1_iKB.zip

2018-03-17 23:00 - 2018-03-17 23:00 - 010857648 _____ (Adobe Systems Inc.) C:\Users\RG\Downloads\AdobeAIRInstaller (2).exe

2018-03-17 22:56 - 2018-03-17 22:56 - 061451455 _____ C:\Users\RG\Downloads\Menschen_A1_2_AB_Audio.zip

2018-03-17 22:56 - 2018-03-17 22:56 - 026017516 _____ C:\Users\RG\Downloads\Menschen_A1_1_AB_Audio.zip

2018-03-17 22:42 - 2018-03-17 22:42 - 010857648 _____ (Adobe Systems Inc.) C:\Users\RG\Downloads\AdobeAIRInstaller (1).exe

2018-03-17 22:41 - 2012-02-28 12:31 - 000102272 _____ (Adobe Systems Inc.) C:\Users\RG\Desktop\Installer.exe

2018-03-17 22:31 - 2018-03-17 22:31 - 000000000 ____D C:\Users\RG\AppData\Roaming\HachetteFLE.ParcoursDigital.AlterEgo.2

2018-03-17 22:31 - 2018-03-17 22:31 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2018-03-17 22:31 - 2018-03-17 22:31 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2018-03-17 22:30 - 2018-03-17 22:30 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parcours Digital AlterEgo+ niveau 2.lnk

2018-03-17 22:30 - 2018-03-17 22:30 - 000000000 ____D C:\Program Files (x86)\ParcoursDigital-AE+2

2018-03-17 22:29 - 2018-03-17 22:30 - 151058182 _____ (Hachette FLE ) C:\Users\RG\Downloads\AlterEgo.2-1.0.0-version-complete.exe

2018-03-17 22:15 - 2018-03-17 22:16 - 139589335 _____ C:\Users\RG\Downloads\pistes-alterEgo+2.zip

2018-03-17 22:02 - 2018-03-17 22:02 - 010857648 _____ (Adobe Systems Inc.) C:\Users\RG\Downloads\AdobeAIRInstaller.exe

2018-03-17 21:51 - 2018-03-17 21:51 - 000000000 ____D C:\Users\RG\Desktop\German

2018-03-17 21:50 - 2018-03-17 22:14 - 000000000 ____D C:\Users\RG\Desktop\French

2018-03-16 20:29 - 2018-03-16 20:29 - 000842716 _____ C:\Users\RG\Desktop\CreditCardStatement.pdf

2018-03-16 14:02 - 2018-03-16 14:02 - 000190606 _____ C:\Users\RG\Downloads\1717The Aerospatiale decision.pdf

2018-03-16 11:59 - 2018-02-18 04:53 - 001568672 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2018-03-16 11:59 - 2018-02-18 04:53 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2018-03-16 11:59 - 2018-02-18 04:47 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2018-03-16 11:59 - 2018-02-18 04:46 - 000749472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2018-03-16 11:59 - 2018-02-18 04:46 - 000609184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2018-03-16 11:59 - 2018-02-18 04:45 - 000664480 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2018-03-16 11:59 - 2018-02-18 04:45 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2018-03-16 11:59 - 2018-02-18 04:44 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2018-03-16 11:59 - 2018-02-18 04:36 - 000528288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2018-03-16 11:59 - 2018-02-18 04:24 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2018-03-16 11:59 - 2018-02-09 22:49 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2018-03-16 11:59 - 2018-02-09 22:47 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2018-03-16 11:59 - 2018-02-09 22:41 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2018-03-16 11:59 - 2018-02-09 22:40 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2018-03-16 11:48 - 2018-03-16 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-03-15 04:50 - 2018-03-15 04:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2018-03-15 04:50 - 2018-03-15 04:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2018-03-15 04:50 - 2018-03-15 04:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2018-03-12 20:40 - 2018-03-12 20:40 - 000014151 ____H C:\Users\RG\Documents\~WRL0647.tmp

2018-03-12 19:38 - 2018-02-18 04:32 - 000026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2018-03-12 19:38 - 2018-02-18 03:56 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2018-03-12 19:38 - 2018-02-18 03:54 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2018-03-12 19:38 - 2018-02-18 03:49 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2018-03-12 19:38 - 2018-02-18 03:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2018-03-12 19:38 - 2018-02-18 03:49 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2018-03-12 19:38 - 2018-02-18 03:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2018-03-12 19:38 - 2018-02-18 03:48 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2018-03-12 19:38 - 2018-02-18 03:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2018-03-12 19:38 - 2018-02-18 03:47 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2018-03-12 19:38 - 2018-02-18 03:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2018-03-12 19:38 - 2018-02-18 03:46 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2018-03-12 19:38 - 2018-02-18 03:45 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2018-03-12 19:38 - 2018-02-18 03:44 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2018-03-12 19:38 - 2018-02-18 03:41 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2018-03-12 19:38 - 2018-02-18 03:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2018-03-12 19:38 - 2018-02-18 03:39 - 002449920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2018-03-12 19:38 - 2018-02-18 03:38 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2018-03-12 19:38 - 2018-02-18 03:36 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll

2018-03-12 19:38 - 2018-02-09 21:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

2018-03-12 19:38 - 2018-02-09 21:30 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2018-03-12 12:53 - 2018-03-12 12:56 - 000000000 ____D C:\Users\RG\Desktop\SD Card

2018-03-07 22:06 - 2018-03-23 11:53 - 000000809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk

2018-03-07 22:06 - 2018-03-23 11:53 - 000000000 ____D C:\Windows10Upgrade

2018-03-07 21:45 - 2018-03-07 21:45 - 000000000 ____D C:\WINDOWS\UpdateAssistant

2018-03-05 00:54 - 2018-03-05 00:58 - 216388608 ____R C:\Users\RG\Downloads\Last.Week.Tonight.With.John.Oliver.S05E03.HDTV.x264-CROOKS[eztv].mkv

2018-03-02 01:51 - 2018-03-02 01:51 - 000091922 _____ C:\Users\RG\Downloads\2008_WL_7185283.pdf

2018-03-01 01:26 - 2018-03-01 01:26 - 000073850 _____ C:\Users\RG\Desktop\California State Bar - Application for Take the California Bar Examination - Print Copy.pdf

2018-02-28 13:31 - 2018-02-28 13:31 - 000330712 _____ C:\Users\RG\Desktop\CalBar_MC_Fingerprint_LiveScan_pdf_replica.asp.pdf

2018-02-28 13:31 - 2018-02-28 13:31 - 000173767 _____ C:\Users\RG\Desktop\Authorization_and_Release_Form_Print.pdf

2018-02-28 13:30 - 2018-02-28 13:30 - 000126416 _____ C:\Users\RG\Desktop\California State Bar - Application for Moral Character Determination - Print Copy.pdf

2018-02-27 14:45 - 2018-02-27 14:45 - 000003934 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration

2018-02-26 18:35 - 2018-02-26 18:35 - 000135473 _____ C:\Users\RG\Downloads\PRACTICE Stewart v. Quantum Airlines Pers. Practice PT File and Library.pdf

2018-02-26 17:59 - 2018-02-26 17:59 - 000007933 _____ C:\Users\RG\Downloads\Stewart v. Quantum Airlines Objective Instrs.pdf

2018-02-26 14:38 - 2018-02-26 14:38 - 000043473 _____ C:\Users\RG\Downloads\Conditional Life Insurance Agreement.pdf

2018-02-26 00:42 - 2018-02-26 00:42 - 001309182 _____ C:\Users\RG\Downloads\Essay #2 with BarBri Answers.pdf

2018-02-26 00:41 - 2018-02-26 00:41 - 000318707 _____ C:\Users\RG\Downloads\Bar Essays July 2011 Civ Pro Evidence Model Answer.pdf

2018-02-24 22:30 - 2018-02-24 22:30 - 000752218 _____ C:\Users\RG\Documents\_Statements_4.pdf

2018-02-24 22:29 - 2018-02-24 22:29 - 000752220 _____ C:\Users\RG\Documents\_Statements_3.pdf

2018-02-24 22:29 - 2018-02-24 22:29 - 000752194 _____ C:\Users\RG\Documents\_Statements_2.pdf

2018-02-24 22:17 - 2018-02-24 22:38 - 000888277 _____ C:\Users\RG\Desktop\JANUARY STATEMENT.pdf

2018-02-24 21:52 - 2018-02-24 21:52 - 000705863 _____ C:\Users\RG\Desktop\_Statements_.pdf

2018-02-21 21:04 - 2018-02-21 21:04 - 001358465 _____ C:\Users\RG\Downloads\Week 6 Civ Pro Overview and Civ Pro Evidence Essay Exam Spring 2018 (1).pptx

2018-02-21 20:29 - 2018-02-21 20:29 - 000029412 _____ C:\Users\RG\Downloads\Week 5 Civ Pro Practice Exam.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 12:09 - 2018-01-24 11:44 - 000000000 ____D C:\Users\RG\AppData\Local\vskbtin

2018-03-23 12:08 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-03-23 12:06 - 2018-01-24 12:51 - 000000000 ____D C:\AdwCleaner

2018-03-23 12:00 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF

2018-03-23 01:48 - 2017-10-18 20:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2018-03-23 00:02 - 2018-01-25 00:53 - 000000000 ____D C:\Users\RG\AppData\Local\CrashDumps

2018-03-22 23:50 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-03-22 23:49 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache

2018-03-22 23:26 - 2017-09-29 23:27 - 000000000 ____D C:\Program Files\rempl

2018-03-22 23:25 - 2017-10-18 21:46 - 001097332 _____ C:\WINDOWS\system32\prfh0404.dat

2018-03-22 23:25 - 2017-10-18 21:46 - 000325004 _____ C:\WINDOWS\system32\prfc0404.dat

2018-03-22 23:25 - 2017-10-18 21:07 - 003130192 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2018-03-22 23:21 - 2016-11-21 22:13 - 000000000 ____D C:\Users\RG\AppData\Local\Spotify

2018-03-22 23:21 - 2016-11-21 21:41 - 000001138 _____ C:\Users\Public\Desktop\VPN Unlimited.lnk

2018-03-22 23:21 - 2016-11-21 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited

2018-03-22 23:21 - 2016-11-21 21:41 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited

2018-03-22 23:20 - 2018-01-25 01:12 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2018-03-22 23:20 - 2016-11-21 22:08 - 000000000 ____D C:\Users\RG\AppData\Roaming\Spotify

2018-03-22 23:20 - 2016-11-21 19:37 - 000000000 __SHD C:\Users\RG\IntelGraphicsProfiles

2018-03-22 23:19 - 2018-01-24 11:42 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\snnmagisvc.exe

2018-03-22 23:19 - 2017-10-18 21:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-03-22 23:19 - 2017-10-18 20:57 - 000600672 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2018-03-22 23:19 - 2017-03-18 04:40 - 034603008 _____ C:\WINDOWS\system32\config\HARDWARE

2018-03-22 23:19 - 2017-03-18 04:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI

2018-03-22 11:58 - 2018-01-25 00:55 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-03-22 11:18 - 2016-11-21 19:37 - 000000000 ____D C:\Users\RG\AppData\Local\Packages

2018-03-22 10:32 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps

2018-03-21 18:08 - 2016-11-21 19:37 - 000000000 ____D C:\Users\RG\AppData\Local\Adobe

2018-03-21 18:04 - 2016-11-21 22:02 - 000000000 ___RD C:\Users\RG\Dropbox

2018-03-20 22:09 - 2018-01-24 12:45 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-03-20 22:09 - 2018-01-24 12:45 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-03-20 12:13 - 2016-11-23 09:14 - 000007875 _____ C:\WINDOWS\BRRBCOM.INI

2018-03-17 22:31 - 2017-06-04 20:07 - 000000000 ____D C:\Program Files (x86)\Adobe

2018-03-16 22:18 - 2016-11-21 19:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2018-03-16 22:06 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser

2018-03-16 11:49 - 2016-06-10 12:50 - 000000000 ____D C:\Program Files (x86)\Dropbox

2018-03-14 12:49 - 2016-06-28 16:04 - 000000000 ____D C:\WINDOWS\system32\MRT

2018-03-14 12:20 - 2017-10-10 17:15 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2018-03-14 12:20 - 2016-06-28 16:04 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2018-03-13 17:27 - 2017-10-28 12:13 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2018-03-13 17:27 - 2017-10-28 12:13 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2018-03-13 17:27 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

2018-03-13 17:27 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed

2018-03-07 22:18 - 2017-12-04 16:49 - 000002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Examplify.lnk

2018-03-07 22:18 - 2017-12-04 16:49 - 000002077 _____ C:\Users\Public\Desktop\Examplify.lnk

2018-03-07 22:05 - 2017-10-18 20:59 - 000000000 ____D C:\Users\RG

2018-03-07 21:43 - 2017-10-18 21:04 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-509284063-2352873921-1556801466-1002

2018-03-07 21:43 - 2016-11-21 19:37 - 000002356 _____ C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2018-03-07 21:43 - 2016-11-21 19:37 - 000000000 ___RD C:\Users\RG\OneDrive

2018-03-05 01:30 - 2016-12-26 17:05 - 000000000 ____D C:\Users\RG\AppData\Roaming\vlc

2018-03-02 13:25 - 2017-03-18 14:06 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2018-03-02 13:25 - 2017-03-18 14:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2018-02-28 14:30 - 2016-11-21 19:47 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2018-02-28 14:30 - 2016-11-21 19:47 - 000001030 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk

2018-02-28 13:16 - 2017-10-18 21:04 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2018-02-26 00:41 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2018-02-25 01:53 - 2017-06-04 20:09 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk

2018-02-25 01:53 - 2017-06-04 20:09 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

2018-02-23 01:50 - 2016-11-22 01:19 - 000000000 ____D C:\Users\RG\Downloads\Naruto Complete Series + Movies Uncut

Some files in TEMP:

====================

2018-01-24 22:46 - 2017-10-18 21:53 - 001930840 _____ (Microsoft Corporation) C:\Users\RG\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

C:\WINDOWS\system32\drivers\upaknrux.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-03-14 22:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018

Ran by RG (23-03-2018 12:12:49)

Running from C:\Users\RG\Downloads

Windows 10 Home Version 1703 15063.850 (X64) (2017-10-19 04:07:34)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-509284063-2352873921-1556801466-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-509284063-2352873921-1556801466-503 - Limited - Disabled)

Guest (S-1-5-21-509284063-2352873921-1556801466-501 - Limited - Disabled)

john (S-1-5-21-509284063-2352873921-1556801466-1001 - Administrator - Enabled) => C:\Users\john

RG (S-1-5-21-509284063-2352873921-1556801466-1002 - Administrator - Enabled) => C:\Users\RG

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FD868C71-6CCF-42E2-B90D-0504AB0036FE}) (Version: 13.2.1 - Hewlett-Packard) Hidden

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)

Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)

AusBlick 1 iKB (HKLM-x32\...\{F0BF2FE5-0F39-0126-2992-8BD6A10EF51F}) (Version: 0.3 - Hueber Verlag GmbH & Co. KG) Hidden

AusBlick 1 iKB (HKLM-x32\...\de.hueber.ausblick1b1) (Version: 0.3 - Hueber Verlag GmbH & Co. KG)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)

Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)

Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden

Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)

Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)

Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)

Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

Examplify (HKLM-x32\...\{BDF34D34-009D-4567-84C6-77F898C3F031}) (Version: 1.4.2 - Examsoft) Hidden

Examplify (HKLM-x32\...\InstallShield_{BDF34D34-009D-4567-84C6-77F898C3F031}) (Version: 1.4.2 - Examsoft)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)

Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1178 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4590 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)

Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)

Intel® WiDi (HKLM\...\{E8A2DA8A-CA1A-4F5A-B113-6C34FCC4B6D4}) (Version: 6.0.62.0 - Intel Corporation)

Intel® WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)

Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)

Intel® Software Guard Extensions Platform Software (HKLM\...\{D6CE0772-080E-45D4-8CB0-AB2AB9710DFE}) (Version: 1.1.28151.80 - Intel Corporation)

IPM_Common_x86 (HKLM-x32\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.1 - Your Company Name) Hidden

ISS_Drivers_x64 (HKLM\...\{7E28859E-AD3D-4FC2-8D70-E345F8C87722}) (Version: 3.0.14.3056 - Intel Corporation) Hidden

Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)

LexisNexis Sanction (HKLM-x32\...\{74C42E3E-E122-45BF-9B55-17E2A88C4491}) (Version: 4.10.06.01 - LexisNexis)

LexisNexis TimeMap 6 (HKLM-x32\...\{65022604-D57C-44B0-B626-CF9899FB6B83}) (Version: 6.00.86.01 - LexisNexis CaseSoft)

LibreOffice 5.3.3.2 (HKLM-x32\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden

Menschen A1 Lerner-DVD-ROM zum Kursbuch (HKLM-x32\...\{C00C7537-BCAD-5637-CB8F-E60DD3DA3832}) (Version: 1.0 - Hueber Verlag GmbH & Co. KG) Hidden

Menschen A1 Lerner-DVD-ROM zum Kursbuch (HKLM-x32\...\de.hueber.menschena1izu) (Version: 1.0 - Hueber Verlag GmbH & Co. KG)

Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)

Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Parcours Digital AlterEgo+ niveau 1 version 1.3 (HKLM-x32\...\{ABEA6B4C-2FA1-43C0-B3EA-4D83E4BFBF44}_is1) (Version: 1.3 - Hachette FLE)

Parcours Digital AlterEgo+ niveau 2 version 1.0 (HKLM-x32\...\{5A7B1EB3-7CC7-463D-A18E-68B56198A4AA}_is1) (Version: 1.0 - Hachette FLE)

Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)

Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden

ProShow Producer (HKLM-x32\...\ProShow Producer) (Version: - Photodex Corporation)

QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.35 - Dell Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)

Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

RogueKiller version 12.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.1.0 - Adlice Software)

Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)

SofTest v11 (HKLM-x32\...\{A579A21A-8DED-44E9-AA63-F1595AC24884}) (Version: 11.33.5 - Examsoft) Hidden

SofTest v11 (HKLM-x32\...\InstallShield_{A579A21A-8DED-44E9-AA63-F1595AC24884}) (Version: 11.33.5 - Examsoft)

Spotify (HKU\S-1-5-21-509284063-2352873921-1556801466-1002\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)

SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.93231 - TeamViewer)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden

UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VPN Unlimited 4.17 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.17 - KeepSolid Inc.)

vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden

Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)

Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)

Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 2.0.0.0 - )

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

WordPerfect Office X8 - Common Files (HKLM-x32\...\{42428570-D010-4FC6-BD19-02D443418372}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - IPM Content TBYB (HKLM-x32\...\{39D42D80-E7FA-445C-A6A0-0D90BF66D715}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - IPM TBYB (HKLM-x32\...\{0142A22B-3F10-4034-AC51-01B86449F89C}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - Lightning Files (HKLM-x32\...\{070A4546-460D-4B5D-BEEB-22F9BDC0CF6A}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - Oxford (HKLM-x32\...\{CC0E11EC-EE17-4351-9523-FDF15CDE36DB}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - Presentations Files (HKLM-x32\...\{56046687-93A2-420F-BC32-472A7BE02C78}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - Quattro Pro Files (HKLM-x32\...\{C6EA41FF-5BC2-4035-A08E-A66B3084EDCE}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - Setup Files (HKLM-x32\...\{8F19BD38-2FAE-4383-95F5-20FB54A647FC}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - System Files (HKLM-x32\...\{1E20010F-6730-4511-B1BA-66E5032A5860}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - WordPerfect Files (HKLM-x32\...\{31A0E52F-CA1A-4BAF-AD4F-F40A2BEE9FA7}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - WPD format Props x64 (HKLM\...\{5E7A9D3D-7A1B-4F4E-B4E4-74E3BCD28E77}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 - WT (HKLM-x32\...\{DF751A12-329C-4963-BCE7-14C8265167E6}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\_{8F19BD38-2FAE-4383-95F5-20FB54A647FC}) (Version: 18.0.0.200 - Corel Corporation)

WordPerfect Office X8 (HKLM-x32\...\{0BC87715-8C0B-4C9C-BF95-36A463B7A96C}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\{2067216B-D56E-4717-AB2C-38FBE8DB3FC3}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\{21D49A11-15ED-43F3-97D6-1C5B73F70F21}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\{7C6905CE-F10B-4629-8A5D-602BE91CCBB3}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\{B2BCF349-C7C0-4C02-8803-0191F9D83C7A}) (Version: 18.0 - Corel Corporation) Hidden

WordPerfect Office X8 (HKLM-x32\...\{E292E6B0-C84D-4C47-A61E-7C42540C4ECF}) (Version: 18.0 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ContextMenuHandlers2-x32: [QuickFinderMenu] -> {72faaca8-f0ae-4638-868a-4a786f23c60c} => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\PFSE180.DLL [2016-04-11] (Corel Corporation)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ContextMenuHandlers4-x32: [QuickFinderMenu] -> {72faaca8-f0ae-4638-868a-4a786f23c60c} => c:\Program Files (x86)\Corel\WordPerfect Office X8\Programs\PFSE180.DLL [2016-04-11] (Corel Corporation)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxDTCM.dll [2017-02-20] (Intel Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0527B2D3-17FC-4D36-8F4C-6E48A3B25C7B} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-NNGBV58-RG => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)

Task: {0AB103E0-380F-4C15-95F5-2DC08A0DB862} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe

Task: {15CE6A8A-5A51-4001-991F-E3EE543A3F4D} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()

Task: {18F7FAAA-5A49-4F7A-9ABC-B7BCF0561B72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-18] (Microsoft Corporation)

Task: {233AB51A-75C6-4714-ACFD-812C96A869FE} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2016-02-27] (Corel Corporation)

Task: {2C18C0C5-EBA8-45F0-86B0-63DDB72AEB1A} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {2FB43C30-6E96-4BCB-B220-EC64AAB8F36C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

Task: {2FF8FE31-7617-4BA8-A692-6F720CB0030D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {3056746E-880D-4B42-9495-23BE884CF002} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK

Task: {346EFE44-7CDF-4757-AD49-D59BE380B452} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-509284063-2352873921-1556801466-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe

Task: {38D5B36D-B694-402E-A7DE-CC86F12230C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

Task: {3964D9A3-398F-41BC-A463-AB9259648575} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-18] (Microsoft Corporation)

Task: {3E7162A7-3E5D-4695-BF77-70AE17FD92CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-509284063-2352873921-1556801466-1001 => C:\Program Files (x86)\Real\RealDownloader\recordingmanager.exe

Task: {3FADB233-8A5A-4D2B-BEFB-3A2DA767890B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)

Task: {4310763A-92D9-4FC9-B235-F5C2C5C0C461} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {4E840847-16C8-40DF-8561-543CBFDD5202} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-24] (Google Inc.)

Task: {5B4D0BFD-4FFD-4E69-9436-DDCA013CC361} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

Task: {61DB6AE0-1291-41F1-8637-4645DB97CD60} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)

Task: {68C5890D-E823-4F77-B14F-4F55868E0D6F} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

Task: {6A94301D-F770-43A4-A38D-B43D646309A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-24] (Google Inc.)

Task: {724806D3-C143-47F5-A8F4-31205CDBF78A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-509284063-2352873921-1556801466-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe

Task: {7B3F0916-DAB4-41D0-BF96-C0B2784683AF} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe

Task: {7D7EE01B-4B5C-42AF-BB54-B5673E40082B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)

Task: {807F7606-AD39-49E3-94DB-424FEAAAEB48} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe

Task: {8486701D-1950-4B6B-AB4A-27A7F81A98BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {9C64F817-3295-4316-9B32-070B0780AEC8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)

Task: {A4C4B2AF-6010-4597-8E02-E1DF4928B749} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)

Task: {A80FBAD4-38E0-49C2-AEE2-60F689DC660B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-18] (Microsoft Corporation)

Task: {BC5D43DF-1354-4A3D-BA36-D1932BE95B18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-18] (Microsoft Corporation)

Task: {BD1BE771-2B32-4FD3-9C38-EB9EECFEA06B} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()

Task: {CE3C66D3-3234-4063-8FB3-23F0AC865CEC} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)

Task: {D348532D-38F9-4675-BD62-548D3E477E3F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {E75442AA-172A-4920-A54D-ACDEDA00A98A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe

Task: {E9A6EBD6-6301-4837-9286-E531DD8AFA88} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-13] (Adobe Systems Incorporated)

Task: {EF356356-721C-4C0A-A2CF-60B7FECCD35F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

Task: {FB1112BD-D312-4358-95B4-F839678F76A5} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-09-14] (Realtek Semiconductor)

Task: {FC873CE5-1AAF-4416-BC85-5CF5B669D9D7} - System32\Tasks\Chess Titans => C:\Users\RG\AppData\Local\Temp\is-RG620.tmp\prsetup.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-17 02:15 - 2016-07-17 02:15 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe

2018-01-25 00:55 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2018-03-16 11:50 - 2018-03-16 11:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2018-03-16 11:50 - 2018-03-16 11:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2018-03-16 11:50 - 2018-03-16 11:51 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2018-03-16 11:50 - 2018-03-16 11:51 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll

2018-03-20 22:09 - 2018-03-19 23:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll

2018-03-20 22:09 - 2018-03-19 23:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll

2018-03-16 11:50 - 2018-03-16 11:51 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll

2018-03-08 18:30 - 2018-03-08 18:30 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-10-18 21:39 - 2017-10-18 21:39 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe

2017-09-25 19:13 - 2017-09-25 19:13 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2018-02-23 18:55 - 2018-02-23 18:55 - 000904704 _____ () C:\Program Files (x86)\Examsoft\Examplify\Services\System.Data.SQLite.dll

2016-09-16 14:58 - 2016-09-16 14:58 - 000904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll

2018-03-16 11:48 - 2018-03-15 04:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll

2018-03-16 11:48 - 2018-03-15 04:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll

2017-08-06 12:20 - 2018-03-15 04:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2017-08-06 12:20 - 2018-03-15 04:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2017-08-06 12:20 - 2018-03-15 04:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2017-09-21 13:34 - 2018-03-15 04:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2017-09-08 15:11 - 2018-03-15 04:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2017-08-06 12:20 - 2018-03-15 04:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd

2017-08-06 12:20 - 2018-03-15 04:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2018-03-16 11:48 - 2018-03-15 04:52 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd

2018-03-16 11:48 - 2018-03-15 04:50 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll

2018-01-11 17:57 - 2018-03-15 04:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2017-08-06 12:20 - 2018-03-15 04:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL

2018-03-16 11:48 - 2018-03-15 04:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

2017-08-06 12:20 - 2018-03-15 04:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

2018-03-16 11:48 - 2018-03-15 04:52 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll

2015-06-23 16:26 - 2015-06-23 16:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

2017-11-21 14:50 - 2017-11-21 14:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

2016-01-21 00:12 - 2016-01-21 00:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2018-02-22 09:57 - 2018-02-22 09:57 - 029246960 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.dll

2018-02-22 09:57 - 2018-02-22 09:57 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\sqlite.dll

2017-08-10 08:24 - 2017-08-10 08:24 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2015-10-30 00:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-509284063-2352873921-1556801466-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RG\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0F7144AF-3906-4142-A069-01606F418AA4}C:\program files (x86)\vpn unlimited\vpn-unlimited-daemon.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited-daemon.exe

FirewallRules: [TCP Query User{F3B3862D-21C9-4627-8311-5A287D170832}C:\program files (x86)\vpn unlimited\vpn-unlimited-daemon.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited-daemon.exe

FirewallRules: [{57A6EAC5-3B54-4A17-8A18-713018721900}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{4428DDF8-636B-4BA8-B8A2-EFC57822594F}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

FirewallRules: [{1F38C0E6-4798-4302-8E0C-9FBDAB95A87F}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

FirewallRules: [{F1FCF9A0-02E1-4968-8715-99CC6ABCCE7D}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

FirewallRules: [{E969162D-55BB-4DE7-B697-CA95D9C4209C}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe

FirewallRules: [UDP Query User{5EF4EE77-E57C-4042-AC03-893310218650}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rg\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{5003A093-2EE5-4423-923E-7D8C2ABA118F}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rg\appdata\roaming\spotify\spotify.exe

FirewallRules: [{00A77504-9747-4882-B851-83A7FB458EC3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{113384AA-F0DC-44C5-8988-646C6F38FCDD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe

FirewallRules: [{373254FF-4999-4575-AED1-D58706F46D95}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe

FirewallRules: [{36661E36-093B-4C7B-829A-68C6C859FABB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe

FirewallRules: [{58907E92-C625-48C1-AB39-50284145EFA9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe

FirewallRules: [{FE44F13A-69C6-4ECB-B578-3954AF396B41}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe

FirewallRules: [{0456E444-696E-4178-93C3-CB4AD1FEA90E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe

FirewallRules: [{C7BB1379-62D1-4F3D-B25F-F7EEF43AC0DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe

FirewallRules: [{45823DC3-184B-4009-AAA4-7CE5C5DBE7FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{31770ABD-2A92-4F2C-BA1C-2BE49334D5CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{05D1EF7A-9A19-47B5-BFE6-83F6EB65885B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{86BB85F0-6C23-4E82-BCCA-460A19FE91C9}] => (Allow) C:\WINDOWS\system32\rundll32.exe

FirewallRules: [{6DF9B717-EB5E-44BF-A204-D7C6D81187E1}] => (Allow) C:\Program Files (x86)\Kilbride\freely.exe

FirewallRules: [{5BD34C16-CE37-4EA4-9EDE-7B2E9E5B275C}] => (Allow) C:\Program Files (x86)\Sent\freely.exe

FirewallRules: [{8BC9EA4A-C20C-4FC8-B883-B691AA16FDFA}] => (Allow) C:\Program Files (x86)\cannot\registry.exe

FirewallRules: [{9A5511AB-041C-45FB-AB6F-602F5C66EE6B}] => (Allow) C:\Program Files (x86)\Sent\registry.exe

FirewallRules: [{B31BA0EF-4CD9-4359-A65F-527630422ADD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{4854E52D-2CD6-4468-BC68-B65211C5946B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{81CA48E3-7C93-4884-9FD5-BAE66AC4E1F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{67555CC0-DAC2-4558-8AA2-CB954719F971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{F463BC62-D95F-46F5-968D-5330A94B7B49}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

FirewallRules: [{BB515F7D-58AE-4BF3-AD92-FD84CDF6416D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{BB95A0A7-104B-43F9-A088-4B2B6250EA51}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [{54779E85-3456-4261-B6F5-2E635E727EDF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [{7B5E867E-9ABE-47D4-A9B3-CD5F16DCFFAF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

FirewallRules: [{6A9616F9-9826-4483-A6C8-349E9223A43D}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

==================== Restore Points =========================

22-03-2018 23:25:29 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/23/2018 12:02:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: QtWebEngineProcess.exe, version: 0.0.0.0, time stamp: 0x59119a8b

Faulting module name: Qt5WebEngineCore.dll, version: 5.6.2.0, time stamp: 0x57e7d9e6

Exception code: 0x80000003

Fault offset: 0x008332c3

Faulting process id: 0x3810

Faulting application start time: 0x01d3c26f432567cc

Faulting application path: C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe

Faulting module path: C:\Program Files (x86)\VPN Unlimited\Qt5WebEngineCore.dll

Report Id: 4ba0312a-2166-4b42-9ce7-d2a19b2f0509

Faulting package full name:

Faulting package-relative application ID:

Error: (03/23/2018 12:02:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpn-unlimited.exe, version: 4.17.0.0, time stamp: 0x5a7c6d89

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc000000d

Fault offset: 0x000f507c

Faulting process id: 0x339c

Faulting application start time: 0x01d3c26f31d27d3f

Faulting application path: C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 8b0c5d6b-4344-4589-92dd-7d66791989f3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/23/2018 12:02:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpn-unlimited.exe, version: 4.17.0.0, time stamp: 0x5a7c6d89

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc000000d

Fault offset: 0x000f507c

Faulting process id: 0x339c

Faulting application start time: 0x01d3c26f31d27d3f

Faulting application path: C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: cfd1147b-9df2-40e8-9743-2a300daa39a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2018 11:49:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x57eb1533

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc0000005

Fault offset: 0x00091cc2

Faulting process id: 0xe4c

Faulting application start time: 0x01d3c26ef6b72b8c

Faulting application path: C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 435c0213-8b3d-4890-bab5-626260096ca1

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2018 11:21:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: QtWebEngineProcess.exe, version: 0.0.0.0, time stamp: 0x59119a8b

Faulting module name: Qt5WebEngineCore.dll, version: 5.6.2.0, time stamp: 0x57e7d9e6

Exception code: 0x80000003

Fault offset: 0x008332c3

Faulting process id: 0x39f8

Faulting application start time: 0x01d3c26f1a2f4272

Faulting application path: C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe

Faulting module path: C:\Program Files (x86)\VPN Unlimited\Qt5WebEngineCore.dll

Report Id: 9a9e40eb-88f6-443b-9706-7866e31f6949

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2018 11:21:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpn-unlimited.exe, version: 4.16.0.0, time stamp: 0x5a181260

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc000000d

Fault offset: 0x000f507c

Faulting process id: 0x3404

Faulting application start time: 0x01d3c26f05cb6619

Faulting application path: C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: ceddcf0e-510b-4e95-bbf7-8f9f445f1971

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2018 11:21:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpn-unlimited.exe, version: 4.16.0.0, time stamp: 0x5a181260

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc000000d

Fault offset: 0x000f507c

Faulting process id: 0x3404

Faulting application start time: 0x01d3c26f05cb6619

Faulting application path: C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: ed13b3ae-be78-4edb-a75b-57778f56e4cf

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2018 11:19:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6

Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6

Exception code: 0xc0000409

Fault offset: 0x000000000022af80

Faulting process id: 0x132c

Faulting application start time: 0x01d3c20e8bdde52d

Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

Report Id: de3848d2-e528-49aa-ac06-ea05da05ea21

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (03/23/2018 12:02:47 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.