
Internet Security Alert - Red Screen


  • This topic is locked
74 replies to this topic

#1 azrattler


Posted 09 April 2018 - 04:20 PM

Hello, I use two browsers, Opera and Firefox. I open them both for different purposes each time I turn on my laptop. I have a Dell XPS 13 running W10 64bit. Sometimes, not every time, when I open Firefox, the red screen appears that says internet security alert. It says it through my speaker also, which tells me not to attempt to close it. I do not know exactly what it says, though, because I always right click on the FF icon and close window. Then I reopen it and it's usually gone. One time it came back after reopening but I then closed it the same way and it was gone. This does not or has not happened to me using Opera or Edge. I don't have Chrome on my comp. I have downloaded Malwarebytes, SuperAntispyware free edition and RKill and they all say my comp is fine. Please advise:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by azrat (administrator) on 3MDUBS-LAPTOP (09-04-2018 13:58:55)
Running from C:\Users\azrat\AppData\Local\Temp\scoped_dir3344_13245
Loaded Profiles: azrat (Available Profiles: azrat)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Qualcomm Technologies Inc.) C:\Windows\System32\QcomWlanSrvx64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.8.309.0\McCSPServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Dashlane, Inc.) C:\Users\azrat\AppData\Roaming\Dashlane\Dashlane.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dashlane, Inc.) C:\Users\azrat\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1197936 2017-08-08] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [Dashlane] => C:\Users\azrat\AppData\Roaming\Dashlane\Dashlane.exe [456656 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [DashlanePlugin] => C:\Users\azrat\AppData\Roaming\Dashlane\DashlanePlugin.exe [504784 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{fb23beb3-7990-4019-8958-c0a0f6ab3178}: [DhcpNameServer] 192.168.29.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> DefaultScope {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\azrat\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2018-03-28] (Dashlane, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\azrat\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2018-03-28] (Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2018-02-14] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-02-14] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: by14f3df.default
FF DefaultProfile: rattleroz@yahoo.com
FF ProfilePath: C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default [2018-04-09]
FF Homepage: Mozilla\Firefox\Profiles\by14f3df.default -> www.yahoo.com     
FF Extension: (Dashlane) - C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default\Extensions\jetpack-extension@dashlane.com.xpi [2018-02-22]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default\features\{36a09743-3394-47f8-96c3-be778660dbb1}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-21] [Legacy] [not signed]
FF HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\azrat\AppData\Roaming\Dashlane\5.5.0.14947\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2018-02-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2018-02-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.yahoo.com/","hxxp://www.facebook.com/","hxxp://www.blogger.com/"
OPR Extension: (Amazon Assistant for Opera) - C:\Users\azrat\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2018-04-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-26] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-26] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119840 2017-11-03] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-18] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2200256 2017-07-02] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-02-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\\McCSPServiceHost.exe [2140888 2018-01-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1668816 2018-02-12] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 QcomWlanSrv; C:\Windows\System32\QcomWlanSrvx64.exe [229368 2018-02-23] (Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-31] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [829816 2017-08-08] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{B9CB6426-B172-4575-83A2-E960ECA122F8}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [125672 2017-07-02] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [782816 2017-05-15] (Realsil Semiconductor Corporation)
R3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [389120 2017-05-05] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [42000 2016-10-31] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\iaLPSS2_UART2.sys 7C841A20B1541FA0CFC240971B4B50D0
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaStorA.sys D914F30B72E1BCFFB66111B61B64C675
C:\Windows\System32\drivers\iaStorAfs.sys AE1182A48E62E4E99A5819E3A89AC6DB
C:\Windows\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\Windows\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\Windows\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igdkmd64.sys 01B1887F10753CF039646E8135A750DB
C:\Windows\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\Windows\System32\drivers\IntcAudioBus.sys AD8F45812409D4B464736A78F62BABA3
C:\Windows\system32\drivers\RTKVHD64.sys F44DF6EE5E1B586FF7A0E6B6A3E66196
C:\Windows\system32\DRIVERS\IntcDAud.sys DA7859458D03EF47FA344DF60AEAC28D
C:\Windows\System32\drivers\IntcOED.sys 63D433D6C561FCC54EEBC210B667BE72
C:\Windows\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\Windows\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\Windows\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\Windows\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\Windows\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\Windows\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\Windows\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\Windows\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\Windows\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\Windows\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\Windows\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\Windows\System32\drivers\isapnp.sys A3B7A93F32E110949CA01DDE7C6B991B
C:\Windows\System32\drivers\msiscsi.sys E352C745233D62AE43B2A9E98416F1D1
C:\Windows\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\Windows\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\Windows\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\Windows\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\Windows\System32\Drivers\ksecpkg.sys D55A5888E11F74462849C348A9206914
C:\Windows\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\Windows\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\Windows\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\Windows\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\Windows\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\Windows\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\Windows\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\Windows\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\Windows\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\Windows\System32\Drivers\mbamswissarmy.sys 351BF8F77B0A15A7B5A2AE098C52A387
C:\Windows\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\Windows\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\Windows\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\Windows\System32\drivers\TeeDriverW8x64.sys F1E754DEEB3369BCCE2228D5C10DE101
C:\Windows\System32\drivers\mfeaack.sys D95EC367B5E11A930B81801B34C2F032
C:\Windows\System32\drivers\mfeavfk.sys 5EC5622868CF72E92A60BE05EB09115A
C:\Windows\System32\drivers\mfeelamk.sys 410001C275C789D1A83D5B93E878D037
C:\Windows\System32\drivers\mfefirek.sys B26770FB91FD002A8AA5265DF2172E4E
C:\Windows\System32\drivers\mfehidk.sys E0B99B50A6B258B202BE34494499DE87
C:\Windows\System32\DRIVERS\mfencbdc.sys 65BB74B540E0D534A756337C67A52A2E
C:\Windows\System32\DRIVERS\mfencrk.sys 8171895DD97DB075BCF903716CE4274A
C:\Windows\System32\drivers\mfeplk.sys 51B5345FC358C30066F3D06BF0D0C3C5
C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys B3096F77D6D876B712D27F574DABEA27
C:\Windows\System32\drivers\mfewfpk.sys 76E711B32EEBE5FE6D11579F9CE37FC1
C:\Windows\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\Windows\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\Windows\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\Windows\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\Windows\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\Windows\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\Windows\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\Windows\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\Windows\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\Windows\System32\DRIVERS\mrxsmb.sys 71729B1EE949E1B092CB5CB75CC63715
C:\Windows\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\Windows\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\Windows\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\Windows\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\Windows\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\Windows\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\Windows\System32\drivers\MSKSSRV.sys 021C34C1968B78ACFBF30553EE78A1D3
C:\Windows\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\Windows\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\Windows\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys A423DA8D5E810AD35AE221A4BE1A23B7
C:\Windows\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\Windows\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\Windows\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\Windows\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\Windows\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\Windows\System32\DRIVERS\nwifi.sys FD916B66910494DFF70C944FC38A2623
C:\Windows\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\Windows\System32\drivers\ndis.sys EC74F146BCA0586DF835027D56B6A68D
C:\Windows\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\Windows\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\Windows\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\Windows\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\Windows\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\Windows\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\Windows\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\Windows\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\Windows\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\Windows\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\Windows\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\Windows\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\Windows\System32\drivers\netvsc.sys 88D5C3BC8DE3DA7EC3C89D49060E97E9
C:\Windows\System32\drivers\Netwtw04.sys 9018527E56D9CADB80FE5D1CB824D5D9
C:\Windows\System32\Drivers\Npfs.sys F337ACAC7C85DE7A80AC2106C505FD13
C:\Windows\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\Windows\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys B6FDEBE8F640E9173AD2BA3F9C014195
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\Windows\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\Windows\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\Windows\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\Windows\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\Windows\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\Windows\System32\drivers\pci.sys 38FABAC2072FC9E6459F7B7ECF3F6C47
C:\Windows\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\Windows\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\Windows\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\Windows\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\Windows\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\Windows\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\Windows\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\Windows\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\Windows\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\Windows\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\Windows\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\Windows\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\Windows\system32\DRIVERS\Qcamain10x64.sys 664A4E6F51B71428142E90C1AC6C4E3E
C:\Windows\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\Windows\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\Windows\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\Windows\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\Windows\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\Windows\System32\drivers\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\Windows\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\Windows\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\Windows\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\Windows\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\Windows\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\Windows\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\Windows\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\Windows\system32\DRIVERS\RfeCo10X64.sys BC20265E933D2C0297C24E7148A0C7CE
C:\Windows\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\Windows\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\Windows\system32\DRIVERS\RtsPer.sys C6C2C784EB566FFA6F0FF6FE8646E89E
C:\Windows\System32\drivers\rtux64w10.sys 89C20CD1E0EB8D5768B84D214DF033E3
C:\Windows\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\Windows\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\Windows\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\Windows\System32\drivers\sdbus.sys 1F58E6D5C1F211DE8BF5131BF12077D1
C:\Windows\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\Windows\System32\drivers\sdstor.sys 80E9563F0B75E98482ECB7D5CBA56BBA
C:\Windows\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\Windows\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\Windows\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\Windows\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\Windows\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\Windows\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\Windows\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\Windows\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\Windows\System32\drivers\spaceport.sys F0EF647D02C33FFB19C065C6CB5FAFDA
C:\Windows\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\Windows\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\Windows\System32\DRIVERS\srv2.sys 9608E59615382EA9A76C8BE2CC788A97
C:\Windows\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\Windows\system32\DRIVERS\ssudmdm.sys F0B59ADCD06BCEB9D47311B7041CA2C9
C:\Windows\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\Windows\System32\drivers\storahci.sys D218EA2F4126629BEAC03555216CB506
C:\Windows\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\Windows\System32\drivers\stornvme.sys 15EA6F1F6BA9A0E2C8D32A6EB77129F8
C:\Windows\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\Windows\System32\drivers\storufs.sys 4D6FF8DDBF9CC61EC95A4BF4096D52FF
C:\Windows\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\Windows\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\Windows\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\Windows\System32\drivers\tcpip.sys CEB50240703E69F552116C7E9F0E0910
C:\Windows\System32\drivers\tcpip.sys CEB50240703E69F552116C7E9F0E0910
C:\Windows\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\Windows\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\Windows\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\Windows\System32\drivers\tpm.sys F54728E32D67537C5A13454E23449C7A
C:\Windows\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\Windows\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\Windows\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\Windows\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\Windows\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\Windows\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\Windows\System32\drivers\UcmUcsi.sys F520EF2D24C1B43A2151DCA271865271
C:\Windows\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\Windows\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\Windows\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\Windows\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\Windows\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\Windows\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\Windows\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\Windows\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\Windows\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\Windows\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\Windows\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\Windows\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\Windows\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\Windows\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\Windows\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\Windows\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\Windows\System32\drivers\UsbHub3.sys 964721AD64F0F263A515CE70399D4834
C:\Windows\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\Windows\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\Windows\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\Windows\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\Windows\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\Windows\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\Windows\System32\drivers\USBXHCI.SYS D4AF6826A473562C169B0916BFE3486C
C:\Windows\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\Windows\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\Windows\System32\drivers\vhdmp.sys A8D889FDE8DFD73790D7A6469087F2EA
C:\Windows\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\Windows\System32\drivers\VirtualButtons.sys 52EDBF235BD53061361BC08C5DF2ABF6
C:\Windows\System32\drivers\vmbus.sys 7F74310E6C734B14A2F352BA9BF46AC8
C:\Windows\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\Windows\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\Windows\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\Windows\System32\drivers\volmgr.sys E79560E0D2735CE1F7C0B5D2051E6FF4
C:\Windows\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\Windows\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\Windows\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\Windows\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\Windows\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\Windows\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\Windows\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\Windows\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\Windows\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\Windows\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\Windows\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\Windows\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\Windows\system32\drivers\wcifs.sys 06E308756F1B4A47AA7CBC82A1ED889A
C:\Windows\system32\drivers\wcnfs.sys 47AEC992BDE2C98CAF94260367E52CDE
C:\Windows\system32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\Windows\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\Windows\system32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\Windows\System32\DRIVERS\wdiwifi.sys 394CCCA2A8C04BA14327636F20AB9DAD
C:\Windows\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\Windows\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\Windows\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\Windows\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\Windows\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\Windows\System32\drivers\winnat.sys E0551E7838C0D03E1E0FE7BD8CDA8B99
C:\Windows\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\Windows\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\Windows\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\Windows\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\Windows\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\Windows\System32\drivers\WSDPrint.sys 7B44553610A89F2011CF69BEA9AFD4CB
C:\Windows\system32\DRIVERS\WSDScan.sys 8068DC839C3729FFC70821FBEF05D5ED
C:\Windows\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\Windows\System32\drivers\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\Windows\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\Windows\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\Windows\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\Windows\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 




 


#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,978 posts
  • Gender:Male
  • Location:California

Posted 09 April 2018 - 07:26 PM

Greetings azrattler and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please move FRST to your Desktop. Rerun a FRST scan leaving all the default settings. Copy and paste both the FRST.txt and Addition.txt files in your reply. If necessary use multiple posts.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 azrattler

  • Topic Starter

  • Members
  • 46 posts

Posted 09 April 2018 - 08:15 PM

Hello Gary,

 

My name is Jim. Thank you for your assistance. I appreciate it. Here is the information you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by azrat (administrator) on 3MDUBS-LAPTOP (09-04-2018 18:11:49)
Running from C:\Users\azrat\Desktop
Loaded Profiles: azrat (Available Profiles: azrat)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Qualcomm Technologies Inc.) C:\Windows\System32\QcomWlanSrvx64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.8.309.0\McCSPServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Dashlane, Inc.) C:\Users\azrat\AppData\Roaming\Dashlane\Dashlane.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Dashlane, Inc.) C:\Users\azrat\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\52.0.2871.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-31] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1197936 2017-08-08] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [Dashlane] => C:\Users\azrat\AppData\Roaming\Dashlane\Dashlane.exe [456656 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [DashlanePlugin] => C:\Users\azrat\AppData\Roaming\Dashlane\DashlanePlugin.exe [504784 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{fb23beb3-7990-4019-8958-c0a0f6ab3178}: [DhcpNameServer] 192.168.29.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> DefaultScope {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\azrat\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2018-03-28] (Dashlane, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\azrat\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2018-03-28] (Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2018-02-14] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-02-14] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: by14f3df.default
FF DefaultProfile: rattleroz@yahoo.com
FF ProfilePath: C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default [2018-04-09]
FF Homepage: Mozilla\Firefox\Profiles\by14f3df.default -> www.yahoo.com     
FF Extension: (Dashlane) - C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default\Extensions\jetpack-extension@dashlane.com.xpi [2018-02-22]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\azrat\AppData\Roaming\Mozilla\Firefox\Profiles\by14f3df.default\features\{36a09743-3394-47f8-96c3-be778660dbb1}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-21] [Legacy] [not signed]
FF HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\azrat\AppData\Roaming\Dashlane\5.5.0.14947\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2018-02-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2018-02-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.yahoo.com/","hxxp://www.facebook.com/","hxxp://www.blogger.com/"
OPR Extension: (Amazon Assistant for Opera) - C:\Users\azrat\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2018-04-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-26] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-26] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119840 2017-11-03] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-18] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2200256 2017-07-02] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-02-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\\McCSPServiceHost.exe [2140888 2018-01-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1668816 2018-02-12] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 QcomWlanSrv; C:\Windows\System32\QcomWlanSrvx64.exe [229368 2018-02-23] (Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-31] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [829816 2017-08-08] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{B9CB6426-B172-4575-83A2-E960ECA122F8}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [125672 2017-07-02] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [782816 2017-05-15] (Realsil Semiconductor Corporation)
R3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [389120 2017-05-05] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [42000 2016-10-31] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-09 18:11 - 2018-04-09 18:12 - 000024803 _____ C:\Users\azrat\Desktop\FRST.txt
2018-04-09 14:47 - 2018-04-09 14:47 - 000184417 _____ C:\Users\azrat\Documents\FRST.txt
2018-04-09 14:47 - 2018-04-09 14:47 - 000041401 _____ C:\Users\azrat\Documents\Addition.txt
2018-04-09 13:58 - 2018-04-09 18:11 - 000000000 ____D C:\FRST
2018-04-09 13:58 - 2018-04-09 13:58 - 002403328 _____ (Farbar) C:\Users\azrat\Desktop\FRST64.exe
2018-04-09 13:32 - 2018-04-09 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-04-09 13:29 - 2018-04-09 13:29 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-08 22:29 - 2018-04-09 16:50 - 000003606 _____ C:\Windows\System32\Tasks\McAfee DAT Built in test
2018-04-07 21:42 - 2018-04-07 21:42 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-04-07 17:12 - 2018-04-07 17:12 - 000000000 ____D C:\Users\azrat\AppData\Local\videoeditor
2018-04-05 17:46 - 2018-04-09 13:29 - 000000538 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101.job
2018-04-05 17:01 - 2018-04-05 17:01 - 000003332 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask-769BDF19B0A3BD0D863F69221654D7E7
2018-04-03 21:43 - 2018-04-03 21:43 - 000000000 ____D C:\Users\azrat\AppData\Local\Suite
2018-04-03 21:43 - 2018-04-03 21:43 - 000000000 ____D C:\Users\azrat\AppData\Local\Movavi
2018-04-03 21:36 - 2018-04-03 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Suite 16
2018-04-03 21:34 - 2018-04-03 21:44 - 000000000 ____D C:\ProgramData\Movavi Video Suite 16
2018-04-03 21:34 - 2018-04-03 21:36 - 000000000 ____D C:\Program Files (x86)\Movavi Video Suite 16
2018-04-03 21:34 - 2018-04-03 21:34 - 000004991 _____ C:\ProgramData\kjiixkes.ghp
2018-04-03 21:34 - 2018-04-03 21:34 - 000000016 _____ C:\ProgramData\mntemp
2018-04-03 21:34 - 2018-04-03 21:34 - 000000000 ____D C:\ProgramData\Movavi
2018-04-03 21:32 - 2018-04-03 21:32 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-02 17:54 - 2018-04-02 17:54 - 000000000 ____D C:\Users\azrat\AppData\Local\CrashDumps
2018-04-02 08:32 - 2018-04-09 13:29 - 000000538 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3.job
2018-04-02 08:32 - 2018-04-05 17:46 - 000003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101
2018-04-02 08:32 - 2018-04-02 08:32 - 000003692 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3
2018-04-02 08:31 - 2018-04-02 08:31 - 000000000 ____D C:\Users\azrat\AppData\Roaming\SUPERAntiSpyware.com
2018-04-02 08:31 - 2018-04-02 08:31 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-04-02 08:31 - 2018-04-02 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-04-02 08:31 - 2018-04-02 08:31 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-02 07:41 - 2018-04-02 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-02 07:41 - 2018-04-02 07:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 07:41 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-31 08:00 - 2018-03-31 08:00 - 000003954 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1516471308
2018-03-31 08:00 - 2018-03-31 08:00 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-28 21:41 - 2018-03-28 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 07:31 - 2018-03-28 07:31 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-28 07:31 - 2018-03-28 07:31 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-28 07:31 - 2018-03-28 07:31 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-28 07:31 - 2018-03-28 07:31 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-21 19:57 - 2018-03-21 19:57 - 000003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2018-03-20 03:51 - 2018-03-20 03:51 - 000003372 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4019212909-736558051-2132189764-1001
2018-03-20 03:51 - 2018-03-20 03:51 - 000002365 _____ C:\Users\azrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-14 21:44 - 2018-03-02 14:09 - 000834552 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-14 21:44 - 2018-03-02 14:09 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 21:43 - 2018-03-13 21:43 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-03-13 21:42 - 2018-03-13 21:42 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-03-13 21:42 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-03-13 21:42 - 2018-03-01 20:02 - 000037888 _____ C:\Windows\system32\SpectrumSyncClient.dll
2018-03-13 21:42 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-03-13 21:42 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 21:42 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\svf.dll
2018-03-13 21:42 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-03-13 21:42 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-03-13 21:42 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-03-13 21:42 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-13 21:42 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-13 21:42 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-13 21:42 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-13 21:42 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2018-03-13 21:42 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-13 21:42 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-13 21:42 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-13 21:42 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-13 21:42 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2018-03-13 21:42 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-13 21:42 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-03-13 21:42 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-13 21:42 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-03-13 21:42 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-13 21:42 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-03-13 21:42 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-03-13 21:42 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-13 21:42 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-13 21:42 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-13 21:42 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-13 21:42 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-03-13 21:42 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-03-13 21:42 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-13 21:42 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-03-13 21:42 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-03-13 21:42 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-03-13 21:42 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-03-13 21:42 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 21:42 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2018-03-13 21:42 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2018-03-13 21:42 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-03-13 21:42 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-03-13 21:42 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2018-03-13 21:42 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-03-13 21:42 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2018-03-13 21:42 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2018-03-13 21:42 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-03-13 21:42 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-03-13 21:42 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-03-13 21:42 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-13 21:42 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-03-13 21:42 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-13 21:42 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-13 21:42 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-03-13 21:42 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-03-13 21:42 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-03-13 21:42 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-03-13 21:42 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 21:42 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-13 21:42 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2018-03-13 21:42 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-03-13 21:42 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2018-03-13 21:42 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-03-13 21:42 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-03-13 21:42 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2018-03-13 21:42 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2018-03-13 21:42 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-03-13 21:42 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-03-13 21:42 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-03-13 21:42 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-03-13 21:42 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-03-13 21:42 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-03-13 21:42 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-13 21:42 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 21:42 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-03-13 21:42 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-13 21:42 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-13 21:42 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 21:42 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-03-13 21:42 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-03-13 21:42 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2018-03-13 21:42 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-03-13 21:42 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-03-13 21:42 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-03-13 21:42 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-03-13 21:42 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-13 21:42 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-03-13 21:42 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-03-13 21:42 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-03-13 21:42 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-13 21:42 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-03-13 21:42 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-03-13 21:42 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-03-13 21:42 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2018-03-13 21:42 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-03-13 21:42 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-13 21:42 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-03-13 21:42 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-13 21:42 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-03-13 21:42 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2018-03-13 21:42 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-13 21:42 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-13 21:42 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-13 21:42 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-03-13 21:42 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-13 21:42 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2018-03-13 21:42 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-03-13 21:42 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-03-13 21:42 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 21:42 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-13 21:42 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2018-03-13 21:42 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-03-13 21:42 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-13 21:42 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2018-03-13 21:42 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2018-03-13 21:42 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-13 21:42 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2018-03-13 21:42 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-03-13 21:42 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-03-13 21:42 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-13 21:42 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-13 21:42 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-03-13 21:42 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-03-13 21:42 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-13 21:42 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-13 21:42 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-03-13 21:42 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-03-13 21:42 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-13 21:42 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-13 21:42 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-13 21:42 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-13 21:42 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-03-13 21:42 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2018-03-13 21:42 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-03-13 21:42 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2018-03-13 21:42 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-03-13 21:42 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-03-13 21:42 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-03-13 21:42 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-13 21:42 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-03-13 21:42 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-13 21:42 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-13 21:42 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-03-13 21:42 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-13 21:42 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-03-13 21:42 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-03-13 21:42 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-03-13 21:42 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-03-13 21:42 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2018-03-13 21:42 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-03-13 21:42 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-03-13 21:42 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-03-13 21:42 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-13 21:42 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-13 21:42 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2018-03-13 21:42 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-03-13 21:42 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-13 21:42 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2018-03-13 21:42 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2018-03-13 21:42 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-03-13 21:42 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2018-03-13 21:42 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-03-13 21:42 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-03-13 21:42 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2018-03-13 21:42 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2018-03-13 21:42 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-13 21:42 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-03-13 21:42 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-03-13 21:42 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2018-03-13 21:42 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-03-13 21:42 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-03-13 21:42 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-03-13 21:42 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-03-13 21:42 - 2018-02-21 17:26 - 001015296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2018-03-13 21:42 - 2018-02-21 17:26 - 000441344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2018-03-13 21:42 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-03-13 21:42 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-03-13 21:42 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-03-13 21:32 - 2018-03-13 21:32 - 000004574 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-11 22:29 - 2018-03-11 22:40 - 000000000 ____D C:\Users\azrat\AppData\Roaming\Ulead Systems
2018-03-11 22:26 - 2018-03-11 22:52 - 000000000 ____D C:\Users\azrat\Documents\Corel VideoStudio Pro
2018-03-11 22:24 - 2018-03-16 21:45 - 000000000 ____D C:\Program Files (x86)\Corel
2018-03-11 22:24 - 2018-03-11 22:26 - 000000000 ____D C:\ProgramData\Protexis64
2018-03-11 22:24 - 2018-03-11 22:24 - 000003696 _____ C:\Windows\System32\Tasks\VideoStudioUpdater
2018-03-11 22:24 - 2018-03-11 22:24 - 000003336 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore
2018-03-11 22:24 - 2018-03-11 22:24 - 000000000 ____D C:\Users\azrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2018-03-11 22:24 - 2018-03-11 22:24 - 000000000 ____D C:\Users\azrat\AppData\Roaming\Corel
2018-03-11 22:24 - 2018-03-11 22:24 - 000000000 ____D C:\Users\azrat\AppData\Local\Downloaded Installations
2018-03-11 22:24 - 2018-03-11 22:24 - 000000000 ____D C:\Program Files (x86)\Haali
2018-03-11 22:23 - 2018-03-11 22:23 - 000001453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoStudio Notification.lnk
2018-03-11 22:23 - 2018-03-11 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio 2018
2018-03-11 22:23 - 2018-03-11 22:23 - 000000000 ____D C:\Program Files\Common Files\Protexis
2018-03-11 22:22 - 2018-03-11 22:24 - 000000000 ____D C:\Program Files\Corel
2018-03-11 22:06 - 2018-03-13 21:35 - 000000000 ____D C:\ProgramData\Corel
2018-03-11 22:05 - 2018-03-11 22:05 - 000000000 ____D C:\ProgramData\UniqueId
2018-03-11 16:01 - 2018-03-11 16:01 - 000000000 ____D C:\ProgramData\Wondershare
2018-03-11 15:57 - 2018-03-11 15:57 - 000000000 ____D C:\Users\azrat\AppData\Local\Wondershare
2018-03-11 15:57 - 2018-03-11 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-03-11 15:56 - 2018-03-11 16:14 - 000000000 ____D C:\Users\azrat\Documents\Wondershare Filmora
2018-03-11 15:56 - 2018-03-11 15:56 - 000000000 ____D C:\ProgramData\Wondershare Video Editor
2018-03-11 15:56 - 2018-03-11 15:56 - 000000000 ____D C:\Program Files\Wondershare
2018-03-11 15:56 - 2017-03-17 11:43 - 001250304 _____ (CineForm Inc.) C:\Windows\system32\CFDecode64.ax
2018-03-11 15:55 - 2018-03-11 15:57 - 000000000 ____D C:\Users\Public\Documents\Wondershare
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-09 14:30 - 2018-01-20 10:48 - 000000000 ____D C:\Users\azrat\AppData\LocalLow\Mozilla
2018-04-09 13:36 - 2018-01-07 21:31 - 001467120 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-09 13:33 - 2018-02-17 16:32 - 000004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40B92B73-5FDF-4DA3-91A8-FC8C4E6FDC7E}
2018-04-09 13:29 - 2018-01-20 10:36 - 000000000 __SHD C:\Users\azrat\IntelGraphicsProfiles
2018-04-09 13:29 - 2017-12-27 18:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-09 13:28 - 2017-09-29 01:45 - 000786432 _____ C:\Windows\system32\config\BBI
2018-04-09 13:27 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\system32\NDF
2018-04-08 22:29 - 2017-09-29 01:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-04-08 22:28 - 2017-12-27 18:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-08 19:25 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-08 19:18 - 2018-01-21 16:03 - 000000000 ____D C:\Users\azrat\AppData\Roaming\HandBrake
2018-04-08 19:04 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-08 19:04 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-08 15:47 - 2018-01-28 22:23 - 000000000 ____D C:\Users\azrat\Desktop\Bible Books
2018-04-07 21:42 - 2018-01-07 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-07 15:13 - 2018-01-28 22:25 - 000000000 ____D C:\Users\azrat\Desktop\Movie Reviews
2018-04-07 14:59 - 2018-01-28 22:25 - 000000000 ____D C:\Users\azrat\Desktop\Movie Posters
2018-04-06 19:42 - 2018-01-20 11:12 - 000000000 ____D C:\Users\azrat\AppData\Roaming\Dashlane
2018-04-06 19:41 - 2018-01-20 11:12 - 000000000 ____D C:\Users\azrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2018-04-03 21:33 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 21:32 - 2018-02-24 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-03 21:32 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-03 21:31 - 2018-02-24 10:22 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-31 21:14 - 2018-01-20 10:36 - 000000000 ____D C:\Users\azrat\AppData\Local\Packages
2018-03-31 10:22 - 2018-02-02 19:34 - 000000000 ____D C:\Users\azrat\Desktop\Sun Slides
2018-03-31 08:00 - 2018-01-20 11:01 - 000000000 ____D C:\Program Files\Opera
2018-03-30 22:38 - 2018-01-20 10:37 - 000000000 ____D C:\Users\azrat\AppData\Local\PlaceholderTileLogoFolder
2018-03-29 18:33 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\rescache
2018-03-29 05:07 - 2018-01-20 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-29 05:07 - 2018-01-20 10:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-28 23:41 - 2017-09-29 06:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-28 21:41 - 2018-01-26 12:10 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-27 21:26 - 2018-01-20 10:48 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-26 17:30 - 2018-02-24 09:47 - 000000000 ____D C:\Users\azrat\AppData\Local\ElevatedDiagnostics
2018-03-25 12:58 - 2018-01-07 21:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-25 12:45 - 2018-01-21 15:50 - 000000000 ____D C:\Users\azrat\Documents\Transfer Utility LE
2018-03-25 12:24 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-03-22 14:35 - 2018-02-17 16:36 - 000000000 _____ C:\Users\azrat\AppData\LocalLow\rightsCheck_1.txt
2018-03-22 05:06 - 2018-01-07 21:33 - 000003446 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2018-03-21 19:57 - 2018-01-07 21:33 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-03-21 19:57 - 2018-01-07 21:33 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-03-20 03:51 - 2018-01-20 10:37 - 000000000 ___RD C:\Users\azrat\OneDrive
2018-03-18 21:19 - 2018-01-27 09:58 - 000000000 ____D C:\Windows\Minidump
2018-03-18 06:05 - 2018-01-20 09:59 - 000000000 ____D C:\Users\azrat
2018-03-18 06:05 - 2017-09-29 06:44 - 000000000 ____D C:\Windows\INF
2018-03-14 21:44 - 2018-01-27 11:30 - 000426560 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-14 21:44 - 2018-01-20 10:36 - 000000000 ___RD C:\Users\azrat\3D Objects
2018-03-14 21:44 - 2017-12-27 18:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-13 22:37 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\TextInput
2018-03-13 22:37 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-13 22:37 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-03-13 21:45 - 2018-01-20 13:50 - 000000000 ____D C:\Windows\system32\MRT
2018-03-13 21:44 - 2018-01-20 13:50 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-13 21:44 - 2018-01-20 13:50 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 21:32 - 2018-02-08 21:18 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 21:32 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 21:32 - 2017-09-29 06:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-11 22:22 - 2018-01-07 21:28 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-06 21:45
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by azrat (09-04-2018 18:12:13)
Running from C:\Users\azrat\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-20 18:45:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4019212909-736558051-2132189764-500 - Administrator - Disabled)
azrat (S-1-5-21-4019212909-736558051-2132189764-1001 - Administrator - Enabled) => C:\Users\azrat
DefaultAccount (S-1-5-21-4019212909-736558051-2132189764-503 - Limited - Disabled)
Guest (S-1-5-21-4019212909-736558051-2132189764-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4019212909-736558051-2132189764-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Contents64 (HKLM\...\{6E4E6A71-CE25-4DCE-8C81-E0934234B035}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{2C033F91-236B-4C29-854D-5CC0F67FE7DA}) (Version: 2.7.355 - Corel corporation) Hidden
Corel VideoStudio Ultimate 2018 (HKLM-x32\...\_{BF97DEDE-1D94-4E94-826A-344D85B45DD1}) (Version: 21.1.0.90 - Corel Corporation)
Dashlane (HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Dashlane) (Version: 5.10.0.18444 - Dashlane, Inc.)
Dell Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{9C32DD4A-3321-4BD5-BD11-C4B18ECE6AE7}) (Version: 3.2.0.4834 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{9ae76d49-72b5-402c-b900-0dc71ab8ebef}) (Version: 3.2.0.4834 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{AB1A407B-E492-4DA1-B024-F96606D1B0B7}) (Version: 3.2.0.4834 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
ICA (HKLM-x32\...\{BF97DEDE-1D94-4E94-826A-344D85B45DD1}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
IPM_VS_Pro64 (HKLM\...\{BB43C25C-CC43-447B-B258-9DAA3E9A1002}) (Version: 21.0 - Corel Corporation) Hidden
Killer Performance Suite (HKLM\...\{680F317F-3BDC-4023-BAB1-0FA006DE033D}) (Version: 1.3.1350 - Rivet Networks)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9259.0 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R9 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Suite 16 (HKLM-x32\...\Movavi Video Suite 16) (Version: 16.5.0 - Movavi)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21300 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{73DEC847-B519-427C-BAAA-9034445703B6}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Share64 (HKLM\...\{E233030D-601B-46F5-A797-771DEEDDBEE3}) (Version: 21.1.0.90 - Corel Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.02.129 - PIXELA)
VideoStudio 3D Title Editor (HKLM\...\{74CD5094-4410-4C98-9F7D-EC43F99BACE4}) (Version: 1.0.4.85 - Corel Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
VSClassic64 (HKLM\...\{8592E7A8-CA1A-4E55-B2DD-E7A4895807B7}) (Version: 21.1.0.90 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{DAB1A9B0-B93C-4EC2-B626-D57478981107}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Wondershare Filmora(Build 8.6.1) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\mcctxmenufrmwrk.dll [2018-02-14] (McAfee, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxDTCM.dll [2017-11-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\mcctxmenufrmwrk.dll [2018-02-14] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011A6231-4FBF-45BE-B7A1-A4979B746816} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {016DE599-3EC8-46C7-BD2A-578E8CECC1B5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {026302FF-AA78-4AC9-937D-9095FB61F1CF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {1B380115-4810-4CA6-A7F5-383E6CD84B36} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)
Task: {1C30E128-1D09-4ED1-A92F-94F3438616FE} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {1D5EE012-7B19-4B71-91D8-257CFB1E137E} - System32\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {22F3BF58-714E-402F-8945-C39875478285} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {28CC2381-576C-42EB-8FE4-77F112A9A9FB} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-20] (McAfee, LLC.)
Task: {2D3E1915-D321-48B6-95C8-D59EA1527998} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3C3A3DCE-25FD-454F-9C14-094D5729B123} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {404476B5-464B-46A2-A32C-639857CD44FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {4632E03E-3F0E-43AF-B9B1-720F3ED4F0F2} - System32\Tasks\CorelUpdateHelperTask-769BDF19B0A3BD0D863F69221654D7E7 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {566F58CF-AC13-433C-830C-977B9EDD505A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {68BCB9BD-4D50-4215-AED1-2569E082064A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)
Task: {839DE4CD-BFA3-4C47-B0CE-5A6342857960} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-26] (Dropbox, Inc.)
Task: {92B575E1-086E-4C36-9866-F2A25AC80444} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {9D0BBA50-402A-4AE6-8E62-19AC3F9EB147} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {A0F2F265-DC1E-4F1A-B902-EF92E306D001} - System32\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {A93FA077-A584-4C0F-8046-93F30E4A56DA} - System32\Tasks\VideoStudioUpdater => c:\Program Files\Corel\Corel VideoStudio 2018\VSNotification.exe [2018-01-29] ()
Task: {AD8E4B7B-BC0A-467C-A4C7-E5DC9A3C8B44} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B2775338-9959-42D8-836D-CEBEE24DB8D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {B924516A-807C-45C1-97B1-C1A06B99C049} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {BE450164-1CCA-4AAA-9D51-B18CF11A7A6E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C630EB29-893B-498D-805A-89FBBE9678FE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {C98314A8-F6C5-46A1-9CDE-68022099EE6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {CF2A5FA9-87FD-443B-85D1-A53DAB07DA7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {D1C92ADE-E40E-45C6-86DC-18A511533736} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {D7480103-4F1A-4AED-AF8A-A2B050BE5ABA} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {D7493DB4-AE96-4FED-864C-D8EC284FC7F6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {DA321849-03B8-46B2-BEDA-87B179C90DAD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-03] (Microsoft Corporation)
Task: {DBE4A0CC-2512-41D7-9484-0C094057C618} - System32\Tasks\Opera scheduled Autoupdate 1516471308 => C:\Program Files\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {F79FDA3C-376C-4824-8744-4F77B27DBCFA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-26] (Dropbox, Inc.)
Task: {FB15734D-5B5F-4632-92B2-2BE0459AA0E6} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-01] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-02 07:41 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 21:42 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 21:42 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-21 19:58 - 2018-02-14 14:24 - 001768976 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-03-21 19:58 - 2018-02-14 14:25 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 098715224 _____ () C:\Program Files\Opera\52.0.2871.40\opera_browser.dll
2018-01-18 06:31 - 2018-01-18 06:31 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPMsgBusDLL.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 004439128 _____ () C:\Program Files\Opera\52.0.2871.40\libglesv2.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 000100440 _____ () C:\Program Files\Opera\52.0.2871.40\libegl.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 06:34 - 2018-03-27 06:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2018-04-05 19:24 - 2018-04-05 19:24 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 22:16 - 2018-03-09 22:16 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-21 22:43 - 2018-02-21 22:43 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-20 11:12 - 2018-01-20 11:12 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2018-03-23 06:18 - 2018-03-23 06:19 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe
2018-03-16 21:32 - 2018-03-16 21:32 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-11 15:57 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-03-11 15:57 - 2017-09-12 10:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-09-22 16:28 - 2017-09-22 16:28 - 000140664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\azrat\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 192.168.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{01885DBB-92A8-4190-A024-170A98742DF6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C9581FF0-E9E3-4103-9518-7FD83405C3AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1693844E-2272-4169-A88B-E683715A5C75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{50D012B5-1976-450B-B782-EA35C5B290F3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{FBF82D65-0FB9-452E-BC5F-5AF8FE05A42C}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{DCAEB490-580C-45FF-A4A6-D090E9ECEC34}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe
FirewallRules: [{0545FFF8-9A59-4C72-9C8C-D6868C74A111}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{647B07C8-5584-4C40-B3D6-120F25A76DB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{17196188-C1F3-4091-979A-5FC17A66ADBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3A9ACC72-971D-47FF-865C-8FAA34783CC3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{62583655-83C7-452D-9B73-7FF2CE65F472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{31914204-E362-42BC-BB97-D3942E200EEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B29A035-15AF-45DA-80E2-36B0E8AABDDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{28E8C385-127A-48BA-9A68-295AC282F40D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A8681721-00DD-48C9-B03E-FFC64ED215CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1710ED38-53B9-4EA3-924F-2E3E69E0C402}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{EC51BAA8-FFC5-4F09-9045-921C04A71F06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F9641EC0-E54B-4311-A235-D628E34C8278}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{4A5C2912-7643-4035-A81F-886F2D00D414}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9FAE9BC4-EA28-4FD2-813E-9E37930BBC81}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
 
==================== Restore Points =========================
 
25-03-2018 15:18:31 Windows Modules Installer
06-04-2018 23:36:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2018 09:51:46 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/09/2018 06:59:26 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 11:04:48 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 11:04:48 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 07:01:52 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 04:38:57 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 04:38:57 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 12:50:48 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (04/09/2018 05:01:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 04:12:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:44:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:39:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:29:35 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-04-02 07:42:00.273
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Opera\52.0.2871.40\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-01-20 11:43:22.487
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:42:03.081
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:42:02.394
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:38.404
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:38.118
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:28.908
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:28.495
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 48%
Total physical RAM: 16267.89 MB
Available physical RAM: 8320.74 MB
Total Virtual: 18699.89 MB
Available Virtual: 9313.19 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:226.76 GB) (Free:68.63 GB) NTFS
 
\\?\Volume{b7e6d696-a0e3-4849-a376-e8d1251cc207}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.41 GB) FAT32
\\?\Volume{d337f753-0af9-4b57-be3e-1bb2c9bb9656}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{5ed7d12d-833d-46d8-a503-463009a47fa0}\ (Image) (Fixed) (Total:9.58 GB) (Free:0.21 GB) NTFS
\\?\Volume{b9d4bd3b-381e-4077-b2a4-218bd2be2f0c}\ (DELLSUPPORT) (Fixed) (Total:1.08 GB) (Free:0.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BE9CE208)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 azrattler

Posted 09 April 2018 - 08:42 PM

I thought I did post it with the other. Sorry, here it is:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by azrat (09-04-2018 18:12:13)
Running from C:\Users\azrat\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-20 18:45:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4019212909-736558051-2132189764-500 - Administrator - Disabled)
azrat (S-1-5-21-4019212909-736558051-2132189764-1001 - Administrator - Enabled) => C:\Users\azrat
DefaultAccount (S-1-5-21-4019212909-736558051-2132189764-503 - Limited - Disabled)
Guest (S-1-5-21-4019212909-736558051-2132189764-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4019212909-736558051-2132189764-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Contents64 (HKLM\...\{6E4E6A71-CE25-4DCE-8C81-E0934234B035}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{2C033F91-236B-4C29-854D-5CC0F67FE7DA}) (Version: 2.7.355 - Corel corporation) Hidden
Corel VideoStudio Ultimate 2018 (HKLM-x32\...\_{BF97DEDE-1D94-4E94-826A-344D85B45DD1}) (Version: 21.1.0.90 - Corel Corporation)
Dashlane (HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Dashlane) (Version: 5.10.0.18444 - Dashlane, Inc.)
Dell Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{9C32DD4A-3321-4BD5-BD11-C4B18ECE6AE7}) (Version: 3.2.0.4834 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{9ae76d49-72b5-402c-b900-0dc71ab8ebef}) (Version: 3.2.0.4834 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{AB1A407B-E492-4DA1-B024-F96606D1B0B7}) (Version: 3.2.0.4834 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
ICA (HKLM-x32\...\{BF97DEDE-1D94-4E94-826A-344D85B45DD1}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
IPM_VS_Pro64 (HKLM\...\{BB43C25C-CC43-447B-B258-9DAA3E9A1002}) (Version: 21.0 - Corel Corporation) Hidden
Killer Performance Suite (HKLM\...\{680F317F-3BDC-4023-BAB1-0FA006DE033D}) (Version: 1.3.1350 - Rivet Networks)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9259.0 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R9 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Suite 16 (HKLM-x32\...\Movavi Video Suite 16) (Version: 16.5.0 - Movavi)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21300 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{73DEC847-B519-427C-BAAA-9034445703B6}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Share64 (HKLM\...\{E233030D-601B-46F5-A797-771DEEDDBEE3}) (Version: 21.1.0.90 - Corel Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.02.129 - PIXELA)
VideoStudio 3D Title Editor (HKLM\...\{74CD5094-4410-4C98-9F7D-EC43F99BACE4}) (Version: 1.0.4.85 - Corel Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
VSClassic64 (HKLM\...\{8592E7A8-CA1A-4E55-B2DD-E7A4895807B7}) (Version: 21.1.0.90 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{DAB1A9B0-B93C-4EC2-B626-D57478981107}) (Version: 21.1.0.90 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Wondershare Filmora(Build 8.6.1) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\mcctxmenufrmwrk.dll [2018-02-14] (McAfee, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki125210.inf_amd64_81939255cd7abffc\igfxDTCM.dll [2017-11-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\mcctxmenufrmwrk.dll [2018-02-14] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011A6231-4FBF-45BE-B7A1-A4979B746816} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {016DE599-3EC8-46C7-BD2A-578E8CECC1B5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {026302FF-AA78-4AC9-937D-9095FB61F1CF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {1B380115-4810-4CA6-A7F5-383E6CD84B36} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)
Task: {1C30E128-1D09-4ED1-A92F-94F3438616FE} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {1D5EE012-7B19-4B71-91D8-257CFB1E137E} - System32\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {22F3BF58-714E-402F-8945-C39875478285} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {28CC2381-576C-42EB-8FE4-77F112A9A9FB} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-20] (McAfee, LLC.)
Task: {2D3E1915-D321-48B6-95C8-D59EA1527998} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3C3A3DCE-25FD-454F-9C14-094D5729B123} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {404476B5-464B-46A2-A32C-639857CD44FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {4632E03E-3F0E-43AF-B9B1-720F3ED4F0F2} - System32\Tasks\CorelUpdateHelperTask-769BDF19B0A3BD0D863F69221654D7E7 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {566F58CF-AC13-433C-830C-977B9EDD505A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {68BCB9BD-4D50-4215-AED1-2569E082064A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-03] (Microsoft Corporation)
Task: {839DE4CD-BFA3-4C47-B0CE-5A6342857960} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-26] (Dropbox, Inc.)
Task: {92B575E1-086E-4C36-9866-F2A25AC80444} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {9D0BBA50-402A-4AE6-8E62-19AC3F9EB147} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {A0F2F265-DC1E-4F1A-B902-EF92E306D001} - System32\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {A93FA077-A584-4C0F-8046-93F30E4A56DA} - System32\Tasks\VideoStudioUpdater => c:\Program Files\Corel\Corel VideoStudio 2018\VSNotification.exe [2018-01-29] ()
Task: {AD8E4B7B-BC0A-467C-A4C7-E5DC9A3C8B44} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B2775338-9959-42D8-836D-CEBEE24DB8D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {B924516A-807C-45C1-97B1-C1A06B99C049} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {BE450164-1CCA-4AAA-9D51-B18CF11A7A6E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C630EB29-893B-498D-805A-89FBBE9678FE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {C98314A8-F6C5-46A1-9CDE-68022099EE6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {CF2A5FA9-87FD-443B-85D1-A53DAB07DA7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {D1C92ADE-E40E-45C6-86DC-18A511533736} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {D7480103-4F1A-4AED-AF8A-A2B050BE5ABA} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {D7493DB4-AE96-4FED-864C-D8EC284FC7F6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {DA321849-03B8-46B2-BEDA-87B179C90DAD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-04-03] (Microsoft Corporation)
Task: {DBE4A0CC-2512-41D7-9484-0C094057C618} - System32\Tasks\Opera scheduled Autoupdate 1516471308 => C:\Program Files\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {F79FDA3C-376C-4824-8744-4F77B27DBCFA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-26] (Dropbox, Inc.)
Task: {FB15734D-5B5F-4632-92B2-2BE0459AA0E6} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-01] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 084dfbab-44f2-4cd7-8fd0-117b70b81101.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ab74f85b-dcd7-4156-b6f2-e577fb3d82e3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-02 07:41 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 21:42 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 21:42 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-21 19:58 - 2018-02-14 14:24 - 001768976 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-03-21 19:58 - 2018-02-14 14:25 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 098715224 _____ () C:\Program Files\Opera\52.0.2871.40\opera_browser.dll
2018-01-18 06:31 - 2018-01-18 06:31 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.8.309.0\McCSPMsgBusDLL.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 004439128 _____ () C:\Program Files\Opera\52.0.2871.40\libglesv2.dll
2018-03-31 08:00 - 2018-03-31 08:00 - 000100440 _____ () C:\Program Files\Opera\52.0.2871.40\libegl.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 06:34 - 2018-03-27 06:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-27 06:34 - 2018-03-27 06:34 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2018-04-05 19:24 - 2018-04-05 19:24 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 22:16 - 2018-03-09 22:16 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-21 22:43 - 2018-02-21 22:43 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-20 11:12 - 2018-01-20 11:12 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-21 22:43 - 2018-02-21 22:43 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2018-03-23 06:18 - 2018-03-23 06:19 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\Calculator.exe
2018-03-16 21:32 - 2018-03-16 21:32 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-11 15:57 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-03-11 15:57 - 2017-09-12 10:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-09-22 16:28 - 2017-09-22 16:28 - 000140664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\azrat\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 192.168.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{01885DBB-92A8-4190-A024-170A98742DF6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C9581FF0-E9E3-4103-9518-7FD83405C3AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1693844E-2272-4169-A88B-E683715A5C75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{50D012B5-1976-450B-B782-EA35C5B290F3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{FBF82D65-0FB9-452E-BC5F-5AF8FE05A42C}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{DCAEB490-580C-45FF-A4A6-D090E9ECEC34}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe
FirewallRules: [{0545FFF8-9A59-4C72-9C8C-D6868C74A111}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{647B07C8-5584-4C40-B3D6-120F25A76DB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{17196188-C1F3-4091-979A-5FC17A66ADBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3A9ACC72-971D-47FF-865C-8FAA34783CC3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{62583655-83C7-452D-9B73-7FF2CE65F472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{31914204-E362-42BC-BB97-D3942E200EEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B29A035-15AF-45DA-80E2-36B0E8AABDDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{28E8C385-127A-48BA-9A68-295AC282F40D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A8681721-00DD-48C9-B03E-FFC64ED215CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1710ED38-53B9-4EA3-924F-2E3E69E0C402}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{EC51BAA8-FFC5-4F09-9045-921C04A71F06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F9641EC0-E54B-4311-A235-D628E34C8278}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{4A5C2912-7643-4035-A81F-886F2D00D414}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9FAE9BC4-EA28-4FD2-813E-9E37930BBC81}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
 
==================== Restore Points =========================
 
25-03-2018 15:18:31 Windows Modules Installer
06-04-2018 23:36:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2018 09:51:46 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/09/2018 06:59:26 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 11:04:48 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 11:04:48 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 07:01:52 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 04:38:57 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 04:38:57 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (04/08/2018 12:50:48 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (04/09/2018 05:01:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 04:12:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 02:29:49 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:44:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:39:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 01:29:35 PM) (Source: DCOM) (EventID: 10016) (User: 3MDUBS-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user 3MDUBS-LAPTOP\azrat SID (S-1-5-21-4019212909-736558051-2132189764-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-04-02 07:42:00.273
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Opera\52.0.2871.40\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-01-20 11:43:22.487
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:42:03.081
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:42:02.394
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:38.404
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:38.118
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:28.908
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-20 11:41:28.495
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 48%
Total physical RAM: 16267.89 MB
Available physical RAM: 8320.74 MB
Total Virtual: 18699.89 MB
Available Virtual: 9313.19 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:226.76 GB) (Free:68.63 GB) NTFS
 
\\?\Volume{b7e6d696-a0e3-4849-a376-e8d1251cc207}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.41 GB) FAT32
\\?\Volume{d337f753-0af9-4b57-be3e-1bb2c9bb9656}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{5ed7d12d-833d-46d8-a503-463009a47fa0}\ (Image) (Fixed) (Total:9.58 GB) (Free:0.21 GB) NTFS
\\?\Volume{b9d4bd3b-381e-4077-b2a4-218bd2be2f0c}\ (DELLSUPPORT) (Fixed) (Total:1.08 GB) (Free:0.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BE9CE208)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 Oh My!


  • Malware Response Instructor

Posted 09 April 2018 - 08:45 PM

Thank you Jim.

Let's start with this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> DefaultScope {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> {83A2F977-8ADE-4003-8A10-774BE90CE778} URL = 
FF HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\azrat\AppData\Roaming\Dashlane\5.5.0.14947\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
Folder: C:\Users\azrat\AppData\Local\videoeditor
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

If the red screen appears again please take a screen shot of this window and attach it to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Fixlog
  • Update on browser behavior
  • Screen shot, if applicable

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 azrattler


Posted 09 April 2018 - 09:40 PM

Nothing new on the browser. The red screen has not popped up since this morning. Not sure about the :thumbsup2:

The AdwCleaner txt and fixlog txt are below. After running the AdwCleaner it said there were no threats. I then ran the FRST fix in normal mode, highlighting the section like you said. When done it rebooted to complete.

 

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 02:21:14 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-04-09.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by azrat (09-04-2018 19:28:46) Run:1
Running from C:\Users\azrat\Desktop
Loaded Profiles: azrat (Available Profiles: azrat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> DefaultScope {83A2F977-8ADE-4003-8A10-774BE90CE778} URL =
SearchScopes: HKU\S-1-5-21-4019212909-736558051-2132189764-1001 -> {83A2F977-8ADE-4003-8A10-774BE90CE778} URL =
FF HKU\S-1-5-21-4019212909-736558051-2132189764-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\azrat\AppData\Roaming\Dashlane\5.5.0.14947\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
Folder: C:\Users\azrat\AppData\Local\videoeditor
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4019212909-736558051-2132189764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-4019212909-736558051-2132189764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83A2F977-8ADE-4003-8A10-774BE90CE778}" => removed successfully
HKLM\Software\Classes\CLSID\{83A2F977-8ADE-4003-8A10-774BE90CE778} => not found
"HKU\S-1-5-21-4019212909-736558051-2132189764-1001\Software\Mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" => removed successfully

========================= Folder: C:\Users\azrat\AppData\Local\videoeditor ========================

2018-04-07 17:12 - 2018-04-07 17:12 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\azrat\AppData\Local\videoeditor\Movavi
2018-04-07 17:12 - 2018-04-09 13:13 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\azrat\AppData\Local\videoeditor\Movavi\suite 16.5.0
2018-04-09 13:13 - 2018-04-09 13:13 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\azrat\AppData\Local\videoeditor\Movavi\suite 16.5.0\videoeditor.ini

====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45623570 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 43604791 B
Edge => 574974 B
Chrome => 0 B
Firefox => 41992244 B
Opera => 497466614 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 385506 B
systemprofile32 => 0 B
LocalService => 27038 B
NetworkService => 4000 B
azrat => 9137487 B

RecycleBin => 3164589346 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:29:34 ====



#7 Oh My!


Posted 09 April 2018 - 10:22 PM

Great.

While we monitor things please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • How is your computer running?

Gary
 

#8 azrattler


Posted 09 April 2018 - 11:54 PM

I did as the instructions stated. There were no threats found so I clicked the uninstall button and then finish but it gave me an error and would not uninstall. So it's still on my computer. But like I said there were no threats found. It did not give me a text file either.

Computer is running like normal for now with little slow downs here and there. Will continue tomorrow after work. Thank you for your help so far.

Should I uninstall the program?



#9 Oh My!


Posted 10 April 2018 - 09:04 AM

We can uninstall it once we determine your computer is behaving properly. Give it some time then post an update.
Gary
 

#10 azrattler


Posted 10 April 2018 - 11:29 PM

Daily update: Computer is still glitching at times. But no red screen today. The red usually doesn't happen every day however, it seems to pop up every week or two. Not a daily occurrence. Will post again tomorrow with status.

Jim



#11 Oh My!


Posted 11 April 2018 - 09:16 AM

Thanks Jim.

Can you describe what "glitching" means? I don't think it is malware related but we can check it out.
Gary
 

#12 azrattler


Posted 11 April 2018 - 09:22 AM

I know this is a weird way to describe it but it's all I can think of right now. Have you seen the movie Wreck It Ralph, where the girl towards the end starts flashing in and out kinda? Well it's almost like that but to a lesser extent. There are flashes at the top of my screen like the page is trying to do something or another one is popping up but doesn't quite make it. It's difficult to describe, sorry.



#13 Oh My!


Posted 11 April 2018 - 09:45 AM

Does this happen regardless of your activity, i.e. web, videos, programs like Office, or is it limited to one type of activity?
Gary
 

#14 azrattler


Posted 11 April 2018 - 09:57 AM

This happens regardless of activity, I notice it more when I open my web browsers upon turning on the comp, though more than any other time then at times throughout the usage period but not a constant thing. 



#15 Oh My!


Posted 11 April 2018 - 10:03 AM

Thank you, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A SystemSummary file will be created on your Desktop. Attach that file to your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlist
  • Attached SystemSummary report

Edited by Oh My!, 12 April 2018 - 08:18 AM.

Gary
 



