Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer/Firefox drain of resources Seeking followup assistance from garioch7


  • This topic is locked This topic is locked
166 replies to this topic

#1 sbutk1

sbutk1

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 16 May 2018 - 01:09 PM

Good day to you, Phil.
 
I was hoping not to have to contact Bleeping Computer again after you helped me back in March/April.  However, although my issues seemed to have been alleviated at first, lately they seem to be back in full force. 
 
Similar to when I first sought your help, it seems that if I have my Firefox (v. 61.0b5) browser open with more than just a few tabs open for any appreciable length of time, the computer in general just gets bogged down to the point of utter frustration.  New tabs take forever to load.  The simplest operations, like saving a JPEG image, are apparently an immense burden on resources.  And problems aren’t just limited to the browser; it can take minutes just to copy & paste text into MSWord, or to use MS Excel (in a way that’s totally independent of the browser).
 
Eventually the only way to free myself from the madness is to “kill” Firefox through Task Manager.  And, as I’ve discovered, whatever problem exists doesn’t seem to be limited to browser.  I tried uninstalling it and using MS Internet Explorer instead; that, however was completely unacceptable, as I was unable to operate for more than a few minutes, with even a single tab open.
 
I’m posting a set of freshly-run FRST scans here, in the hopes that you can perhaps offer me some continued assistance.
 
Thank you.
 
-Steve
 
P.S.  Logs to follow in next post...


Experiencing a problem directly pasting log files from the Notepad text file...
 
"An error occurred, You do not have permission for that action.".


Edited by hamluis, 16 May 2018 - 02:44 PM.
Merged posts - Hamluis.


BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 16 May 2018 - 01:14 PM

Steve:

 
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs once I receive them once I receive them.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 16 May 2018 - 01:16 PM

Steve:

 

Please try attaching the "FRST.txt" and "Addition.txt" files to a reply.  That makes it slower for me, but I will follow up to find out what is causing your copy/paste issues, because it slows down the analysis when logs are attached.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 16 May 2018 - 08:43 PM

Hi Phil!

 

Thanks again for your previous help, and for agreeing to pick up my case once again.  I do regret that I've had to come back, but as I've mentioned above the problems that had been plaguing me before abated for a little, but now seem to have come back in full force.  My initial attempts to post my FRST.txt and Addition.txt have for whatever reason so far been unsuccessful; thus I'll try your suggestion with regard to including the files as attachments.  Hoping it works this time...

 

Thanks, and have a good evening.

-Steve

 

 

Attached File  Addition.txt   32.32KB   10 downloads


Edited by garioch7, 17 May 2018 - 05:28 AM.
delete "FRST.txt" attachment to protect privacy


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 17 May 2018 - 04:06 AM

Posting the FRST scan logs attached to the previous post for the information of all users and to facilitate malware detection analysis.  Logs also edited to protect privacy of user.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Steve (administrator) on STEVE-PC (16-05-2018 10:45:54)
Running from C:\Users\Steve\Documents\Computer Stuff 2\FRST Results, 2018.05.16
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-12-01] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1462184 2018-03-27] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-760699709-3465939181-808897853-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1462184 2018-03-27] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4045AEEE-7EBD-4F06-8ADD-796C11F3457E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-760699709-3465939181-808897853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> DefaultScope {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-17] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
 
FireFox:
========
FF DefaultProfile: 6xvr9sfz.default-1483740629339-1525449806208
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\obiafvk2.Steve recover [2018-03-28]
FF Session Restore: Mozilla\Firefox\Profiles\obiafvk2.Steve recover -> is enabled.
FF Extension: (Webroot Password Manager) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\obiafvk2.Steve recover\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2017-05-02]
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208 [2018-05-16]
FF Session Restore: Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208 -> is enabled.
FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-05]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-05-10] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-09-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-09-19] (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1175056 2018-03-27] (Garmin Ltd. or its subsidiaries)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-19] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslb9ba10c2; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74D789CF-2B66-4249-8545-8A273C72AE0D}\MpKslb9ba10c2.sys [58120 2018-05-15] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [31040 2014-04-29] (EldoS Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-16 10:45 - 2018-05-16 10:45 - 000000000 ____D C:\FRST
 
2018-05-14 20:10 - 2018-05-14 20:12 - 003124641 _____ C:\Users\Steve\Downloads\Merge[Low,538x360].mp4
2018-05-14 20:09 - 2018-05-14 20:18 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526342960537
2018-05-14 20:04 - 2018-05-14 20:18 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526342693008
2018-05-14 20:02 - 2018-05-14 20:36 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526342572886
2018-05-14 20:02 - 2018-05-14 20:19 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526342527827
2018-05-14 20:02 - 2018-05-14 20:02 - 000000046 _____ C:\Users\Steve\Downloads\WNBR Manchester 2017 part 4[SD,854x480].mp4
2018-05-14 20:01 - 2018-05-14 20:53 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526342487044
2018-05-14 16:52 - 2018-05-14 16:58 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526331159748
2018-05-11 14:37 - 2018-05-11 14:40 - 005415767 _____ C:\Users\Steve\Downloads\Uphill Battle Broncos run hill sprints for conditioning[Low,480x360, Mp4].mp4
2018-05-11 14:36 - 2018-05-11 14:45 - 018566611 _____ C:\Users\Steve\Downloads\Ontario woman arrested, jailed in US for driving with a Canadian[Low,640x360].mp4
2018-05-11 14:36 - 2018-05-11 14:43 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526063758423
018-05-11 14:15 - 2018-05-11 14:18 - 006537434 _____ C:\Users\Steve\Downloads\Kitchen ASMR - Washing Dishes Sound[Low,640x360].mp4
2018-05-11 14:15 - 2018-05-11 14:18 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526062543110
2018-05-11 14:13 - 2018-05-11 14:18 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526062372813
2018-05-11 14:12 - 2018-05-11 14:18 - 025649937 _____ C:\Users\Steve\Downloads\Rudy Giuliani Keeps Making Things Worse for Trump A Closer[Low,640x360].mp4
2018-05-11 14:10 - 2018-05-11 14:28 - 179927518 _____ C:\Users\Steve\Downloads\The John Elway Story From High School Prodigy to the Hall of[Low,480x360, Mp4].mp4
2018-05-11 14:08 - 2018-05-11 14:09 - 005470954 _____ C:\Users\Steve\Downloads\Highlights of New QB Case Keenum Leading the Broncos Offense[Low,480x360, Mp4].mp4
2018-05-11 14:07 - 2018-05-11 14:09 - 001962022 _____ C:\Users\Steve\Downloads\Preview An American Becomes British Royalty  MEGHAN MARKLE AN[Low,640x360].mp4
2018-05-11 14:02 - 2018-05-11 14:03 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526061461357
2018-05-11 13:57 - 2018-05-11 14:03 - 001301547 _____ C:\Users\Steve\Downloads\MS Experimental Psychology[Low,640x360].mp4
2018-05-11 13:49 - 2018-05-11 13:50 - 011195310 _____ C:\Users\Steve\Downloads\Without Iran Plan, President Trump Destroys US Credibility u0026[Low,640x360].mp4
2018-05-11 13:46 - 2018-05-11 13:47 - 004481450 _____ C:\Users\Steve\Downloads\What is the Iran nuclear deal - BBC News[3D Low,426x240].mp4
2018-05-11 13:45 - 2018-05-11 13:48 - 020885000 _____ C:\Users\Steve\Downloads\Rich Photographer vs Poor Photographer[Low,640x360].mp4
2018-05-11 12:14 - 2018-05-11 12:22 - 009299455 _____ C:\Users\Steve\Downloads\Trump pulls US out of Iran nuclear deal, says hell reinstate[Low,640x360].mp4
2018-05-11 12:14 - 2018-05-11 12:22 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1526055239899
2018-05-11 12:08 - 2018-05-11 12:08 - 007463403 _____ C:\Users\Steve\Downloads\Josey Jewell brings outlaw approach to Broncos rookie class[Low,640x360].mp4
2018-05-10 23:04 - 2018-05-10 23:04 - 000573841 _____ C:\Users\Steve\Downloads\White House Pay No Attention To Donald Trump Tweet About First.mp4
2018-05-09 10:47 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 10:47 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 10:47 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 10:47 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 10:47 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 10:47 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 10:47 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 10:47 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 10:47 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 10:47 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 10:47 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 10:47 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 10:47 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 10:47 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 10:47 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 10:47 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 10:47 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 10:47 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 10:47 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 10:47 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 10:47 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 10:47 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 10:47 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 10:47 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 10:47 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 10:47 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 10:47 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 10:47 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 10:47 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 10:47 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 10:47 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 10:47 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 10:47 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 10:47 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 10:47 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 10:47 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 10:47 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 10:47 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 10:47 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 10:47 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 10:47 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 10:47 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 10:47 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 10:47 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 10:47 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 10:47 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 10:47 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 10:47 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 10:47 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 10:47 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 10:47 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 10:47 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 10:47 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 10:47 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 10:47 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 10:47 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 10:47 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 10:47 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 10:47 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 10:47 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 10:47 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 10:47 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 10:47 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 10:47 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 10:47 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 10:47 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 10:47 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 10:47 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 10:47 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 10:47 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 10:47 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 10:47 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 10:47 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 10:47 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 10:47 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 10:47 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 10:47 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 10:47 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 10:47 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 10:47 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 10:47 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 10:47 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 10:47 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 10:47 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 10:47 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 10:47 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 10:47 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 10:47 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 10:47 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 10:47 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 10:47 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 10:47 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 10:47 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 10:47 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 10:47 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 10:47 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 10:47 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 10:47 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 10:47 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 10:47 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 10:47 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 10:47 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 10:47 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 10:47 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 10:47 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 10:47 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 10:47 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 10:47 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 10:47 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 10:47 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 10:47 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 10:47 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 10:47 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 10:47 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 10:47 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 10:47 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 10:47 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 10:47 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 10:47 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 10:47 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 10:47 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 10:47 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 10:47 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 10:47 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 10:47 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 10:47 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 10:47 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 10:47 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 10:47 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 10:47 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 10:47 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 10:47 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 10:47 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 10:47 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 10:47 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 10:47 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 10:47 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 10:47 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-08 20:10 - 2018-05-08 20:11 - 004104574 _____ C:\Users\Steve\Downloads\Trump US will withdraw from the Iran nuclear deal[Low,640x360].mp4
2018-05-08 20:04 - 2018-05-08 20:04 - 003047600 _____ C:\Users\Steve\Downloads\Trump announces US withdrawal from the Iran nuclear deal[Low,640x360].mp4
2018-05-07 22:40 - 2018-05-07 22:41 - 015180851 _____ C:\Users\Steve\Downloads\Top 10 Denver Broncos LB Von Miller plays  2017 season[Low,480x360, Mp4].mp4
2018-05-04 12:03 - 2018-05-04 12:03 - 000000000 ____D C:\Users\Steve\Desktop\Old Firefox Data
2018-05-02 21:21 - 2018-05-02 21:21 - 000132284 _____ C:\Users\Steve\Downloads\Gen'l Fund 2018.xlsx
2018-04-30 14:15 - 2018-04-30 14:15 - 000089979 _____ C:\Users\Steve\Downloads\LG-7YY2-2LLK-JZK6-9VRR.pdf
2018-04-27 12:04 - 2018-04-27 12:05 - 004000016 _____ C:\Users\Steve\Downloads\May 2018.pdf
2018-04-26 22:45 - 2018-04-26 22:45 - 000039599 _____ C:\Users\Steve\Downloads\archive(6).zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-16 10:30 - 2009-07-14 00:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-16 10:30 - 2009-07-14 00:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-16 10:28 - 2013-10-14 16:49 - 000000000 ____D C:\Users\Steve\Documents\Computer Stuff 2
2018-05-16 10:21 - 2014-12-26 22:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 10:19 - 2016-11-16 22:03 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 10:06 - 2016-11-16 10:32 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2018-05-15 23:10 - 2018-03-27 11:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-15 23:10 - 2018-03-27 11:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-15 21:05 - 2015-12-14 12:04 - 000749568 _____ C:\errlog.dat
2018-05-15 20:21 - 2013-09-09 16:20 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-05-15 20:21 - 2013-09-09 16:20 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-05-15 20:21 - 2013-09-09 16:12 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-05-15 20:20 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-15 13:25 - 2018-04-06 15:54 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-05-15 09:55 - 2014-08-26 10:10 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe
2018-05-11 14:46 - 2013-11-23 23:40 - 000000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2018-05-11 09:52 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-05-10 18:50 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-10 18:50 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-10 13:19 - 2017-07-17 21:24 - 000501032 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-09 23:13 - 2013-10-16 10:10 - 000000000 ____D C:\Windows\system32\MRT
2018-05-09 23:10 - 2017-10-12 10:16 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-09 23:10 - 2013-10-16 10:10 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-09 23:06 - 2011-02-10 10:33 - 000776166 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 10:38 - 2018-03-14 10:37 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-09 10:38 - 2013-09-09 16:03 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-09 10:38 - 2013-09-09 16:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-09 10:38 - 2013-09-09 16:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-09 10:37 - 2013-09-09 16:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-09 10:37 - 2013-09-09 16:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-27 13:33 - 2013-09-09 16:16 - 000000000 ____D C:\ProgramData\PCDr
2018-04-26 20:14 - 2014-12-11 10:26 - 000000000 ____D C:\Windows\system32\appraiser
 
==================== Files in the root of some directories =======
 
2017-05-02 17:51 - 2017-05-02 17:52 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-11-05 23:13 - 2017-11-05 23:13 - 000000022 _____ () C:\Users\Steve\AppData\Roaming\splitterdirectorys.txt
2013-10-14 22:51 - 2013-10-28 23:19 - 000007602 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-08 12:52
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Steve (16-05-2018 10:52:24)
Running from C:\Users\Steve\Documents\Computer Stuff 2\FRST Results, 2018.05.16
Windows 7 Professional Service Pack 1 (X64) (2013-10-12 19:42:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-760699709-3465939181-808897853-500 - Administrator - Disabled)
Guest (S-1-5-21-760699709-3465939181-808897853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-760699709-3465939181-808897853-1002 - Limited - Enabled)
Steve (S-1-5-21-760699709-3465939181-808897853-1000 - Administrator - Enabled) => C:\Users\Steve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{3DE56A70-06BA-4863-8FBB-45D041AF0C7A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{B4BD4DFB-0A22-43EC-A2D4-BF515E9A546F}) (Version: 6.0.5.180 - ArcSoft)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.180 - ArcSoft)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CDRoller version 10.0 (HKLM-x32\...\CDRoller_is1) (Version: 10.0 - Digital Atlantic Corp.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (HKLM-x32\...\{B7768089-44E1-4B51-9213-737959C689E5}) (Version: 6.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Free MP4 Splitter (HKLM-x32\...\{38ECB700-186E-4E87-996C-54290D4412BE}) (Version: 1.0.0 - Media Freeware)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
Garmin Express (HKLM-x32\...\{178D3388-656C-4326-BFFF-3607481CA5BB}) (Version: 6.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{aa902576-9ab8-4371-98d1-efde885f775b}) (Version: 6.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{C6C8A534-050C-40E9-92FC-4D06A8A487C8}) (Version: 6.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Newegg Download Manager (HKLM-x32\...\Newegg Download Manager) (Version: 1.1.5 - Newegg)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
RealDownloader (HKLM-x32\...\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}) (Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Stellarium 0.12.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-09-19] (RealNetworks, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19FAA7C7-815C-45A9-B599-98CC1B9E1D4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {1A98C21A-ABAB-4263-8EF4-ED1205CC55E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {2DC4D1E4-8365-48B6-8E4A-DAF8B5BCD1C0} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\SymErr.exe
Task: {36F80A46-F5C0-4597-8144-5ED6B1CA5CDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {54BF8896-8551-4332-8761-4BC275D60C8B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {5556DB75-F8D5-48AB-8861-706E3BAF3645} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {7071DA22-6E72-4C58-9DE6-0012AC246A59} - System32\Tasks\{5CD2F101-E4B0-45F8-9B5C-95291E93F375} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Downloads\card-reader-firmware(1).exe -d C:\Users\Steve\Downloads
Task: {727BA05B-D18F-417C-8C14-C7A52C895976} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {7CB81BEC-8BA1-4E3C-88D2-CF7C88CA6C89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {942AEB41-1603-429E-83C1-E5D6ADC5C80E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-03-27] ()
Task: {988A59F0-A13C-4733-A7B0-FE078BDD6CEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {B50CDDCE-1535-4D30-87B5-732DF5A28511} - System32\Tasks\{DBF458D8-B603-47EB-900D-B88567858E44} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Downloads\card-reader-firmware.exe -d C:\Users\Steve\Downloads
Task: {BA6454E0-6131-4E04-9838-6DC153801059} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BEE4709C-601A-4B71-AD30-3FA58E977E71} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {D409BE53-8B27-4763-A316-B0EE6798B9F6} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\SymErr.exe
Task: {DCE350CD-18A1-4834-A405-7F2FBF59FD0C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {E893A73C-B802-477E-92FA-39E0785769F0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {ECEC116B-8B01-469B-B0F8-75E61A4095ED} - System32\Tasks\AdobeAAMUpdater-1.0-Steve-PC-Steve => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-09 17:43 - 2011-12-15 18:34 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 12:05 - 2017-12-11 12:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2014-07-30 02:17 - 2014-07-30 02:17 - 000039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 000023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-09-09 16:12 - 2012-01-26 22:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-03-27 16:08 - 2018-03-27 16:08 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-09-19 13:28 - 2014-09-19 13:28 - 000864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2017-07-10 11:29 - 2013-05-13 17:15 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-10 14:02 - 2018-05-10 14:02 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2975ab1f8fc71190f0a11fd7b5ac10dd\IsdiInterop.ni.dll
2013-09-09 16:08 - 2012-02-01 17:25 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [356]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-760699709-3465939181-808897853-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnkCommon Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{C2CD94B1-50F9-4DEF-B606-36824D16157F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EA9DC0DC-DDAF-43BB-BF77-CDB31C1A24F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{029C11E4-3630-4719-9102-3A9C33C599EB}] => (Allow) LPort=2869
FirewallRules: [{817AE9EC-5929-4FCB-A636-E08F783EA568}] => (Allow) LPort=1900
FirewallRules: [{20CAD805-5F52-4622-B6EE-C2D9C09E288F}] => (Allow) C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{294725DA-24E2-42B0-B171-49159EDDEDED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0F11A1A-31C8-4684-9A2A-AFAA21DEC941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72433A72-8FFC-47F4-9C0A-441291761BAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{423B2A6B-4C76-4296-9D42-ADE4B56D904D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87B4FCAC-CEF3-4511-BE68-DFB11ADF5B82}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{BF175166-1FDD-4C03-A3AE-BC83FDF64884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC526197-0DC0-496A-A8A5-11786D2D8075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3D2D10C-8D67-4D8E-B878-F24DFDCF6278}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03618EF0-D143-438B-897E-19490E8473C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A45B555-C711-4995-B8CE-93D2A1F46862}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC4C915F-0F31-4206-A9DE-68F8EE739E23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90F56170-5D8A-4659-A300-8F239140C452}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B9F677C-11CC-4827-87E4-A1A18A31E10F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7F543235-EF9F-438F-9360-C9F3CD1D8ADE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{15751CCA-BDA0-4CB1-B050-80F1304DD55C}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS9801.tmp\SymNRT.exe
FirewallRules: [{006C7DC7-93CA-460F-8150-99491ECC1D30}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS9801.tmp\SymNRT.exe
FirewallRules: [{09AC49E4-7CDB-4C0B-8215-45D8FF0DAECD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1AB2A8E5-22B5-4030-A183-E8080D4622CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
09-05-2018 22:48:46 Windows Update
09-05-2018 23:04:07 Windows Update
14-05-2018 09:57:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/16/2018 09:50:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (05/15/2018 11:33:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15522
 
 
System errors:
=============
Error: (05/15/2018 08:30:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/15/2018 08:28:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/15/2018 08:26:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Data Vault Processor service hung on starting.
 
Error: (05/15/2018 08:20:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:34:38 PM on ‎5/‎15/‎2018 was unexpected.
 
Error: (05/15/2018 12:05:59 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{df6764c5-199a-11e3-bd5f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{CFABD347-147E-433C-BF2A-0CBAF9EA4034}
 
Error: (05/15/2018 10:32:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/15/2018 10:32:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/15/2018 10:32:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Windows Defender:
===================================
Date: 2018-04-02 15:25:09.803
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{FB3D034B-6176-495E-B3EF-B852BD475138}
Scan Type:AntiSpyware
Scan Parameters:Full Scan
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 53%
Total physical RAM: 3967.53 MB
Available physical RAM: 1829.82 MB
Total Virtual: 7933.23 MB
Available Virtual: 5620.36 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:913.29 GB) (Free:204.93 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:7.59 GB) (Free:6.29 GB) FAT32
Drive k: (My Passport) (Fixed) (Total:3725.99 GB) (Free:1068.7 GB) NTFS
 
\\?\Volume{df6764c4-199a-11e3-bd5f-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:18.18 GB) (Free:10.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 00F43051)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 

Edited by garioch7, 17 May 2018 - 05:01 AM.

Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 17 May 2018 - 05:09 AM

Steve:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-05]
2017-05-02 17:51 - 2017-05-02 17:52 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 17 May 2018 - 03:40 PM

Hoping the copy-and-paste is successful this time.

Here is the result of my freshly completed FRST fix run...

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Steve (17-05-2018 16:12:09) Run:1
Running from C:\Users\Steve\Documents\0 Recent Saves - 2018.03.15 Apr04\Computer Stuff\FRST 2018.05.16
Loaded Profiles: Steve (Available Profiles: Steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-05-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-05]
2017-05-02 17:51 - 2017-05-02 17:52 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk => moved successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk => moved successfully
"C:\Program Files (x86)\Common Files\wruninstall.exe" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => removed successfully
"HKLM\Software\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
"HKLM\Software\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\6xvr9sfz.default-1483740629339-1525449806208\Extensions\artur.dubovoy@gmail.com.xpi => moved successfully
"C:\Program Files (x86)\Common Files\wruninstall.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64870142 B
Java, Flash, Steam htmlcache => 1088 B
Windows/system/drivers => 128306153 B
Edge => 0 B
Chrome => 0 B
Firefox => 385324589 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 118890 B
Steve => 63588376 B

RecycleBin => 1663856772 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:21:27 ====



#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 18 May 2018 - 11:17 AM

Steve:
 
Thank you for running the FRST "fixlist" script and posting the results.  That looks good! :thumbup2:  We are off to a good start! :)
 
I want to proceed with a suite of standard anti-malware scans to look for possible malware that is not detected by FRST.  Let's start with an ESET scan and a Malwarebytes scan.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended).
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export"., and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 19 May 2018 - 01:14 PM

Good afternoon, Phil...

 

I just finished the second of those scans and am ready to report my results.  In summary, the ESETS scan detected *and deleted* 1 threat; the Malwarebytes scan detected 0 threats.

 

I will post those results here (hopefully successful this time, and I don't need to go the Attachment route again), and then address one item of concern.

 

RESULTS (ESETS):

C:\Users\Steve\Downloads\spsetup131.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application       cleaned by deleting

 

 

RESULTS (Malwarebytes):

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 5/19/18

Scan Time: 10:35 AM

Log File: ded3d7f0-5b71-11e8-84ab-c81f6606c9bc.json

Administrator: Yes

 

-Software Information-

Version: 3.5.1.2522

Components Version: 1.0.365

Update Package Version: 1.0.5170

License: Free

 

-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Steve-PC\Steve

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 708058

Threats Detected: 0

(No malicious items detected)

Threats Quarantined: 0

(No malicious items detected)

Time Elapsed: 3 hr, 13 min, 0 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

 

I will also call to your attention the fact that, in the instructions you provided, I was reminded to turn my virus protection "back on" after running ESETS.  Ever since the last time you helped me back in March/April, I'd ditched Webroot and instead implemented Windows Defender, which is apparently a part of the OS.  However, when I went to turn it back on after running the ESETS, I [repeatedly] received the error message shown in the attachment.  Thus I'm wondering what could be wrong, and also about the fact that I seem to currently have an unprotected computer.

 

 

 

 

 

Thanks, and I look forward to your next reply.

-Steve

Attached Files



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 20 May 2018 - 05:03 AM

Steve:
 
Thank you for running the ESET and Malwarebytes scans.  Is ESET showing up as an installed program?  Go to Control Panel, Programs, Uninstall a Program.
 
If it is listed as an installed program, please uninstall it and reboot your computer.  Third party anti-virus solutions disable Windows Defender to avoid conflicts.  Malwarebytes does not disable Windows Defender.
 
If that does not work, please try following the instructions in this video and then rebooting your computer. You can also try the suggestions in this link if the video does not resolve the issue. If you are uncomfortable with following those instructions, then I will create the registry file for you. Let me know.
 
If that does not work, then let's run a scan to see what it tells us about your security software.  Disregard this step if Windows Defender has been fixed.
 
.
 
:step1: Please download Security Analysis by Rocket Grannie from here.

  • Save it to your Desktop.
  • Disable your security software to avoid potential conflicts.
  • Double-click RGSA.exe.
  • Click OK on the copyright-disclaimer.
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log into your next reply.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 22 May 2018 - 12:47 PM

Hi Phil,

 

Sorry for the delay in responding, as I've been away from my computer for much of the last two days.  (Spent most of yesterday birding along the shore in southern NJ)  :)

 

Anyway, so I just got around to the steps you outlined, in terms of trying to diagnose why BitDefender won't start.  Unfortunately I've run into some unexpected results, so I felt I should report it to you before going any further on my own.

 

As I'm sure you figured out, ESETS did not appear in my Control Panel programs.  So next I tried the YouTube video.  I felt that this had promise, since the title exactly matched the error code I received; but this time, when trying to invoke Windows Defender via the Control Panel (i.e. "Start now"), I got a lengthy pause with the hourglass showing, and finally a different error code:

 

0x800106ba

 

 

Although this no longer matched the error code from the YouTube video (i.e. the one I reported initially), I naively followed the ensuing steps in the video, clicking Start and then typing: services.msc; I went to Properties for Windows Defender and changed Startup Type to "Automatic".

 

This unfortunately resulted in the following (attached) error, and I'm unsure what to do from here.

 

 

Thanks,

-Steve

 

 

Attached Files



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 22 May 2018 - 01:18 PM

Steve:

 

Thank you for your post.  Were there ever any other anti-virus applications installed on this computer?

 

It is possible that there are still remnants remaining which are causing issues.  You mention Bitdefender, which I use, but which is difficult to completely remove.  If you ever used a version of Bitdefender, go their website and get their uninstaller for the version that you had.  With 2017 and 2018 products, I know for sure, that there is only one uninstaller for all products in a product year, although I can't be sure about the free version.  "Mr. Google" is your friend. :)

 

If you used another product, then go to their website and download the appropriate cleanup tool and then reboot your computer, if it does not reboot by itself.

 

You can also try re-registering your Defender .dll files.  See this link for more information.

 

Good luck and have a great day.  I am offline for the rest of the day, so no rush on this.  I should check in early tomorrow morning, because I have to be away for most of the day.  "Real life" can really mess up the time I have available for my malware removal vocation! :)  Thursday is mowing day again, so there goes Thursday too!! :(

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 22 May 2018 - 06:06 PM

Hi Phil,

 

Yes, I’ve experimented with various antivirus programs over the years, including BitDefender; Norton for a number of years; McAfee; Kaspersky; and Webroot most recently.  Unfortunately it’d be next to impossible for me to pin down my history, in terms of what I had which year.  …Actually, that list I just provided probably goes back beyond just *this* computer, so I could probably eliminate some of those (which, though?).

 

Anyway, thus I tried following the procedure outline in the link you provided and reregistering my .dll files.  Unfortunately, only 3 of the 9 seem to have reregistered successfully; the remaining 6 all produced new error messages.  Still, I finished those 9 and naively rebooted my computer as told; unsurprisingly, Windows Defender still does not work.

 

Thoughts or suggestions?  I noted your upcoming schedule that you outlined briefly, thanks; no problem at all …I’m just beginning to consider once again whether the “handwriting on the wall” isn’t saying it would probably save a lot of further time and aggravation to go ahead and initiate a complete Windows install at some point.  :/

 

 

-Steve



#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:18 PM

Posted 23 May 2018 - 05:54 AM

Steve:

 

Thank you for your post.

 

 

 

I’m just beginning to consider once again whether the “handwriting on the wall” isn’t saying it would probably save a lot of further time and aggravation to go ahead and initiate a complete Windows install at some point.  :/

 

 

 

To be honest, Steve, I don't think that your issues are malware-related.  Personally, if it was my computer, I would cease thrashing around trying to fix the problems.  Over the years, a lot of "detritis" builds up in a computer.  Running powerful anti-malware tools, particularly ComboFix, can really damage a computer beyond the point at which it can be repaired with registry editing and other troubleshooting steps.  Running registry cleaners, system optimizers, and driver updaters can really wreck a computer, beyond what Windows can repair.  I was guilty of those sins before I recognized that I was, in all probability, thereby responsible for the computer issues that I was experiencing.  I don't go near any of that junk software any more.  It is all "snake oil" and very dangerous to the health of your computer.

 

When Windows 10 was first released, I clean installed it on both of my computers.  The space savings were enormous (I don't know why - I reinstalled the same programs and data, and I had been religious about cleaning out temporary files) and both computers worked flawlessly afterwards.  I had had weird issues, particularly with my tower, that I could just not resolve, though I had been trying for months.  It took me a week to get my tower back into shape (I have a lot of programs), but it was well worth the aggravation.  I did run HDD diagnostics, chkdsk, and RAM tests prior to undertaking the reinstalls, but only so that I would not be wasting my time only to sabotaged by possible hardware issues.  Both of my computers were more than five years old.

 

It is your computer, Steve, so it is your decision.  I am more than willing to continue with the standard anti-malware scans, and attempt to resolve your other issues, one by one, as they arise, but quite obviously, I cannot predict whether our efforts will be ultimately successful.

 

Please let me know, at your convenience, how you wish to proceed.  Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 sbutk1

sbutk1
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ
  • Local time:07:18 PM

Posted 23 May 2018 - 09:46 AM

Phil,

 

Once again, I have been - and continue to be - immensely appreciative of the time you've spent with me and my computer issues thus far.

I also thank you very much for your honesty in the above post.

 

Although the analytical half of me does want to see this mess through to resolution - which I acknowledge, ala your above post, may never come - and ideally learn how to prevent a similar fate from plaguing a "new" computer... the practical part (which would still like to hold onto whatever little hair I have left) is beginning to see this as a never-ending task that just seems to be morphing into a deeper and deeper, unresolvable mess.  :smash:

 

 

...I have a hunch I already know my answer; but I'm going to mull it over for a day or so just to be sure, and then let you my decision.

 

 

Thanks, as always! 

-Steve






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users