
Laptop freezing

This is a discussion on Laptop freezing within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
08-26-2018, 08:53 AM   #1
DandyBella
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



My laptop keeps freezing & I have to power it off & restart to get back up. It happens more when I'm watching videos in full screen or playing a simple game on Facebook. Can someone help?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1
Run by killi at 8:42:49 on 2018-08-26
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.8049.4786 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SensrSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Driver Support\DriverSupport.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Users\killi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\killi\AppData\Local\chromium\Application\chrome.exe
C:\Users\killi\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
C:\Users\killi\AppData\Local\chromium\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
C:\Users\killi\AppData\Local\Facebook\Games\FacebookGameroom.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Users\killi\AppData\Local\chromium\Application\chrome.exe
C:\Users\killi\AppData\Local\chromium\Application\chrome.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
C:\Users\killi\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k bcastdvruserservice -s BcastDVRUserService
C:\Program Files\ByteFence\ByteFence.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s XblAuthManager
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_83442e6b6dc95a08e5&param1=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%3D&param2=NaB4NGVbLGF4
uLocal Page = %11%\blank.htm
BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
StartupFolder: C:\Users\killi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\killi\AppData\Local\Facebook\Games\FacebookGameroom.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.1.17/WebClient.exe
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.11/codebase/DVM_IPCam2.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8c844491-a4d5-4f69-bc3a-2ac3aea779b6} : DHCPNameServer = 172.51.1.171
TCP: Interfaces\{8cf38701-0fbd-48d3-a0fe-96550aa0aa75} : DHCPNameServer = 192.168.1.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: McAfee WebAdvisor: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-Run: [SmartAudio] C:\Program Files\Conexant\SA3\Dell-Notebook\SACpl.exe /sa3 /nv:3.0+ /uid:Dell-Notebook /s /dne
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2016-3-17 1462720]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-4-11 58272]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-18 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 60320]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R1 MpKsl6a070500;MpKsl6a070500;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD18F3B2-49D8-455B-8392-1DFF7FB9341C}\MpKsl6a070500.sys [2018-8-25 58120]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_4931c;Connected Devices Platform User Service_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-8-14 414720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe [2018-3-22 487856]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
R2 DpmLiteDrv;DpmLiteDrv;C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [2014-10-15 15080]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 esifsvc;ESIF Upper Framework Service;C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [2016-9-7 1585784]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe [2018-3-22 423856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2018-7-19 604824]
R2 OneSyncSvc_4931c;Sync Host_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 rtop;rtop;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2017-1-1 297288]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-8-14 760888]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-11 163336]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-4-11 82432]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_4931c;Windows Push Notifications User Service_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 BcastDVRUserService_4931c;GameDVR and Broadcast User Service_4931c;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
R3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
R3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-4-11 86528]
R3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-11 39936]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-11 60320]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 dptf_acpi;dptf_acpi;C:\WINDOWS\System32\drivers\dptf_acpi.sys [2016-9-7 70208]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-9-7 65088]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2016-9-7 343608]
R3 HidEventFilter;Intel(R) HID Event Filter;C:\WINDOWS\System32\drivers\HidEventFilter.sys [2016-3-17 43512]
R3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
R3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-10-15 250624]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2017-12-8 820168]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2018-7-19 111608]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2018-4-11 7689728]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 PimIndexMaintenanceSvc_4931c;Contact Data_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2018-4-11 264192]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 UnistoreSvc_4931c;User Data Storage_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 UserDataSvc_4931c;User Data Access_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 VirtualButtons;Intel(R) Virtual Buttons;C:\WINDOWS\System32\drivers\VirtualButtons.sys [2017-3-31 41992]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-6-12 781824]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-7-30 61992]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe [2018-7-30 3905952]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-3-17 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-4-11 92056]
S3 BluetoothUserService_4931c;Bluetooth User Support Service_4931c;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-3-17 143144]
S3 DevicePickerUserSvc_4931c;DevicePicker_4931c;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_4931c;DevicesFlow_4931c;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-8-14 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_4931c;MessagingService_4931c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_4931c;PrintWorkflow_4931c;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-18 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-18 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-8-14 128920]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-6-12 976384]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-6-12 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-18 48544]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2016-8-21 13920]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-6-12 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-4-11 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-8-14 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-4-11 82944]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-8-14 227840]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-18 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 AESMService;Intel® SGX AESM;C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [2015-9-30 3715208]
S4 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-9-7 83768]
S4 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2018-5-15 157512]
S4 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413736]
S4 CxAudMsg;Conexant Audio Message Service;C:\WINDOWS\System32\CxAudMsg64.exe [2016-3-17 206552]
S4 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\Dell-Notebook\CxUtilSvc.exe [2016-3-17 135288]
S4 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
S4 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
S4 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2016-12-22 77648]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-23 238320]
S4 DSAO;Driver Support AO Service;C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [2016-8-30 2033104]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S4 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S4 Intel(R) WiDi SAM;Intel(R) WiDi Software Asset Manager;C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-6-23 19088]
S4 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-9-18 207648]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [2017-9-5 404376]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2017-2-13 268704]
S4 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
S4 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 SlimService;SlimWare Utility Service Launcher;C:\Program Files\SlimService\SlimServiceFactory.exe [2016-7-25 252096]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S4 WavesSysSvc;Waves Audio Services;C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [2015-7-7 564144]
S4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2017-2-13 3743648]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-08-26 15:39:07 14821528 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC6AAE42-0593-4437-BCEC-52CA82CE7B42}\mpengine.dll
2018-08-25 18:39:35 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD18F3B2-49D8-455B-8392-1DFF7FB9341C}\MpKsl6a070500.sys
2018-08-25 16:49:11 14821528 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-08-17 18:08:13 -------- d-sh--w- C:\ProgramData\ms-drivers
2018-08-17 18:08:13 -------- d-sh--w- C:\ProgramData\icsxml
2018-08-15 02:03:59 884224 ----a-w- C:\WINDOWS\System32\NMAA.dll
2018-08-11 01:13:52 -------- d-----w- C:\Users\killi\opera autoupdate
.
==================== Find3M ====================
.
2018-08-06 15:19:36 836480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-08-06 15:19:36 181120 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-08-03 08:39:20 790304 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-08-03 08:25:07 123392 ----a-w- C:\WINDOWS\System32\fontsub.dll
2018-08-03 08:25:01 178176 ----a-w- C:\WINDOWS\System32\t2embed.dll
2018-08-03 08:24:28 46592 ----a-w- C:\WINDOWS\System32\atmlib.dll
2018-08-03 08:24:26 66048 ----a-w- C:\WINDOWS\System32\msiexec.exe
2018-08-03 08:24:14 99328 ----a-w- C:\WINDOWS\System32\hlink.dll
2018-08-03 08:22:01 1127936 ----a-w- C:\WINDOWS\System32\nettrace.dll
2018-08-03 08:21:44 1121792 ----a-w- C:\WINDOWS\System32\TSWorkspace.dll
2018-08-03 08:21:14 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2018-08-03 08:21:08 765440 ----a-w- C:\WINDOWS\System32\tdh.dll
2018-08-03 08:20:56 134144 ----a-w- C:\WINDOWS\System32\sppc.dll
2018-08-03 08:20:06 4049408 ----a-w- C:\WINDOWS\System32\msi.dll
2018-08-03 08:20:06 3652608 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-08-03 08:19:33 1661440 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2018-08-03 07:45:19 663128 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-08-03 07:33:45 98304 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
2018-08-03 07:33:45 138752 ----a-w- C:\WINDOWS\SysWow64\t2embed.dll
2018-08-03 07:32:30 60416 ----a-w- C:\WINDOWS\SysWow64\msiexec.exe
2018-08-03 07:30:42 99840 ----a-w- C:\WINDOWS\SysWow64\hlink.dll
2018-08-03 07:29:18 621568 ----a-w- C:\WINDOWS\SysWow64\tdh.dll
2018-08-03 07:28:30 2895360 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-08-03 07:27:52 1469952 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2018-08-03 07:27:39 4050432 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2018-08-03 05:41:39 1008640 ----a-w- C:\WINDOWS\System32\Windows.Media.MixedRealityCapture.dll
2018-08-03 04:49:49 868864 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.MixedRealityCapture.dll
2018-08-03 03:47:39 1034624 ----a-w- C:\WINDOWS\System32\ApplyTrustOffline.exe
2018-08-03 03:47:12 128920 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2018-08-03 03:46:54 269248 ----a-w- C:\WINDOWS\System32\SgrmEnclave_secure.dll
2018-08-03 03:46:53 272296 ----a-w- C:\WINDOWS\System32\SgrmEnclave.dll
2018-08-03 03:41:03 77608 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-08-03 03:41:01 61736 ----a-w- C:\WINDOWS\System32\hvhostsvc.dll
2018-08-03 03:41:01 568600 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2018-08-03 03:40:59 1221048 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-08-03 03:40:59 1064744 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2018-08-03 03:40:51 1030952 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-08-03 03:40:48 228136 ----a-w- C:\WINDOWS\System32\drivers\Ucx01000.sys
2018-08-03 03:40:46 136488 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-08-03 03:40:43 566568 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2018-08-03 03:40:20 72800 ----a-w- C:\WINDOWS\System32\wldp.dll
2018-08-03 03:39:58 75160 ----a-w- C:\WINDOWS\System32\drivers\vpci.sys
2018-08-03 03:39:50 709824 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-08-03 03:39:49 31648 ----a-w- C:\WINDOWS\System32\drivers\winhv.sys
2018-08-03 03:39:49 114080 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-08-03 03:39:36 170936 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2018-08-03 03:39:19 7519992 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-08-03 03:39:13 7436120 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-08-03 03:39:05 9091480 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-08-03 03:39:02 692240 ----a-w- C:\WINDOWS\System32\StructuredQuery.dll
2018-08-03 03:39:02 2829216 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-08-03 03:39:00 1457136 ----a-w- C:\WINDOWS\System32\winload.efi
2018-08-03 03:38:55 1945792 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-08-03 03:38:55 1097648 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-08-03 03:38:53 713368 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2018-08-03 03:38:53 1285536 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-08-03 03:38:52 1140576 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-08-03 03:38:50 983016 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-08-03 03:38:49 1258288 ----a-w- C:\WINDOWS\System32\winload.exe
2018-08-03 03:38:48 885856 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-08-03 03:38:42 604576 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-08-03 03:38:42 158720 ----a-w- C:\WINDOWS\System32\vertdll.dll
2018-08-03 03:38:32 115640 ----a-w- C:\WINDOWS\System32\kdnet.dll
2018-08-03 03:27:01 61032 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2018-08-03 03:26:02 6043600 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-08-03 03:25:50 6568784 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-08-03 03:25:44 1131064 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-08-03 03:25:42 583120 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2018-08-03 03:25:42 539168 ----a-w- C:\WINDOWS\SysWow64\StructuredQuery.dll
2018-08-03 03:25:42 1622296 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-08-03 03:25:38 568568 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-08-03 03:23:15 25846784 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-08-03 03:18:46 22007808 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2018-08-03 03:17:27 4380160 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2018-08-03 03:17:05 10240 ----a-w- C:\WINDOWS\System32\drivers\vmgid.sys
2018-08-03 03:16:33 144384 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2018-08-03 03:16:25 18432 ----a-w- C:\WINDOWS\System32\winshfhc.dll
2018-08-03 03:15:43 68096 ----a-w- C:\WINDOWS\System32\drivers\winhvr.sys
2018-08-03 03:15:08 8188928 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2018-08-03 03:14:42 113664 ----a-w- C:\WINDOWS\System32\WaaSAssessment.dll
2018-08-03 03:14:18 514560 ----a-w- C:\WINDOWS\System32\nltest.exe
2018-08-03 03:14:18 209408 ----a-w- C:\WINDOWS\System32\AppXApplicabilityBlob.dll
2018-08-03 03:14:10 4867584 ----a-w- C:\WINDOWS\System32\jscript9.dll
2018-08-03 03:13:50 6661632 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2018-08-03 03:13:08 3395072 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2018-08-03 03:13:05 395776 ----a-w- C:\WINDOWS\System32\Search.ProtocolHandler.MAPI2.dll
2018-08-03 03:13:04 154112 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-08-03 03:12:39 3392000 ----a-w- C:\WINDOWS\System32\tquery.dll
2018-08-03 03:12:38 761344 ----a-w- C:\WINDOWS\System32\nshwfp.dll
2018-08-03 03:12:35 311296 ----a-w- C:\WINDOWS\System32\drivers\netbt.sys
2018-08-03 03:12:19 2738688 ----a-w- C:\WINDOWS\System32\mssrch.dll
2018-08-03 03:12:13 894464 ----a-w- C:\WINDOWS\System32\webplatstorageserver.dll
2018-08-03 03:12:07 726528 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2018-08-03 03:11:34 2172928 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2018-08-03 03:11:28 7577088 ----a-w- C:\WINDOWS\System32\Chakra.dll
2018-08-03 03:11:28 1708544 ----a-w- C:\WINDOWS\System32\MSPhotography.dll
2018-08-03 03:11:25 898560 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2018-08-03 03:11:23 3712000 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2018-08-03 03:11:21 808448 ----a-w- C:\WINDOWS\System32\EdgeManager.dll
2018-08-03 03:11:14 983040 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
.
============= FINISH: 8:44:39.48 ===============
Attached Files
File Type: txt attach.txt (9.6 KB, 5 views)
Old 08-26-2018, 09:12 AM   #2
DandyBella

Sorry, just subscribing to my own thread. Couldn't figure out how to do it without replying.
Old 08-26-2018, 09:16 AM   #3
Microsoft-Team Manager
Hardware - Team Manager
 
joeten
 
Join Date: Dec 2008
Location: Glasgow Scotland
Posts: 68,223
OS: win 10 Home



Look in your user control panel, settings.
Old 08-26-2018, 10:16 AM   #4
Moderator, Editor, Articles Team
 
Deejay100six
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,824
OS: Windows 7 Professional SP1

Thread Tools at top of page.
__________________
Regards, Dave.
Old 08-27-2018, 07:40 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

SlimCleaner Plus

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here.

We suggest uninstalling them via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 08-27-2018, 07:56 PM   #6
DandyBella

I clicked the link you provided for the cleaner & got an error page. Should I try to find somewhere else to download it from? Thanks so much for helping! Oddly, the second I got your reply, my entire laptop froze again & I had to shut it down :-(

Anna
Old 08-27-2018, 07:58 PM   #7
DandyBella

DISREGARD, it took me to the site now.
Old 08-27-2018, 08:10 PM   #8
DandyBella

ADWCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-27-2018
# Duration: 00:05:11
# OS: Windows 10 Home
# Cleaned: 78
# Failed: 0


***** [ Services ] *****

Deleted rtop
Deleted ByteFenceService
Deleted CouponPrinterService
Deleted SlimService

***** [ Folders ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
Deleted C:\ProgramData\ByteFence
Deleted C:\Program Files\ByteFence
Deleted C:\Users\killi\Downloads\Driver Support
Deleted C:\ProgramData\UAB
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Deleted C:\Program Files (x86)\DriverUpdate
Deleted C:\Users\killi\AppData\Local\Downloaded Installers
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Deleted C:\Program Files\SlimService
Deleted C:\ProgramData\slimware utilities inc
Deleted C:\Users\killi\AppData\Local\slimware utilities inc
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted C:\Program Files (x86)\Coupons
Deleted C:\Program Files (x86)\Object

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\rnd_chunk.bin
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\ByteFence

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Deleted HKU\S-1-5-18\Software\ByteFence
Deleted HKCU\Software\ByteFence
Deleted HKU\.DEFAULT\Software\ByteFence
Deleted HKLM\Software\Wow6432Node\ByteFence
Deleted HKLM\Software\ByteFence
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF0B3546-F19D-4FF1-B96F-BA1AF81B86D8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\rtop
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\ByteFenceService
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\driversupport.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Deleted HKCU\Software\csastats
Deleted HKCU\Software\ICSW1.23
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
Deleted HKLM\Software\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
Deleted HKLM\Software\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
Deleted HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted HKLM\Software\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted HKLM\Software\Classes\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Deleted HKLM\Software\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Deleted HKLM\Software\Classes\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}
Deleted HKLM\Software\Classes\CLSID\{959D527D-6C27-4879-A644-065526D6969C}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted HKLM\Software\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\CouponPrinterService
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836}
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted HKLM\Software\SLIMWARE UTILITIES, INC.
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\SlimService

***** [ Chromium (and derivatives) ] *****

Deleted Search Manager

***** [ Chromium URLs ] *****

Deleted Ask
Deleted Astromenda
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8036 octets] - [27/08/2018 19:59:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Old 08-27-2018, 08:17 PM   #9
DandyBella

Farbar Recovery:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by killi (administrator) on DESKTOP-1SVPQKJ (27-08-2018 20:12:17)
Running from C:\Users\killi\Downloads
Loaded Profiles: killi (Available Profiles: killi)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Malwarebytes) C:\Users\killi\Downloads\AdwCleaner.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Facebook) C:\Users\killi\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Users\killi\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2015-07-23] (Dell Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-12] (Conexant Systems, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [600496 2015-07-07] (Waves Audio Ltd.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\Dell-Notebook\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\killi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-12-10]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\killi\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8c844491-a4d5-4f69-bc3a-2ac3aea779b6}: [DhcpNameServer] 172.51.1.171
Tcpip\..\Interfaces\{8cf38701-0fbd-48d3-a0fe-96550aa0aa75}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131781619607844589&GUID=BBCB45DD-3117-4991-847E-B5D373FA2FB8
HKU\S-1-5-21-886749300-569326981-3437551655-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-886749300-569326981-3437551655-1001 -> DefaultScope {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.1.17/WebClient.exe
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.11/codebase/DVM_IPCam2.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @edvR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR NewTab: Default -> Active:"chrome-extension://jfcjhdijahefmfgcceakfkkialaekpfl/homepage.html", Not-active:"chrome-extension://fpdpdomdpmhpgncppolomeniknkgpbhm/newtab.html", Not-active:"chrome-extension://ehlceeijggpdgfcefmipcmdelickjgfg/ntab.html"
CHR Profile: C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default [2018-08-27]
CHR Extension: (Slides) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Yahoo Web) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2017-06-15]
CHR Extension: (Docs) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (Ledger Manager) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2018-08-07]
CHR Extension: (YouTube) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Adblock Plus) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-07-26]
CHR Extension: (Hermes Tab) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2017-12-09]
CHR Extension: (Sheets) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-08-17]
CHR Extension: (Yahoo Partner) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdpdomdpmhpgncppolomeniknkgpbhm [2018-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2018-08-09]
CHR Extension: (Yahoo Homepage) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfcjhdijahefmfgcceakfkkialaekpfl [2018-08-18]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2018-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Search Manager) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2018-08-27]
CHR Extension: (Gmail) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\killi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-09-30] (Intel Corporation)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S4 CxUtilSvc; C:\Program Files\Conexant\SA3\Dell-Notebook\CxUtilSvc.exe [135288 2016-03-17] (Conexant Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S4 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [2033104 2016-08-30] (PC Drivers HeadQuarters LP)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel Corporation)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-07-07] (Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Intel Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-27 20:12 - 2018-08-27 20:13 - 000020153 _____ C:\Users\killi\Downloads\FRST.txt
2018-08-27 20:11 - 2018-08-27 20:12 - 000000000 ____D C:\FRST
2018-08-27 20:11 - 2018-08-27 20:11 - 002413056 _____ (Farbar) C:\Users\killi\Downloads\FRST64.exe
2018-08-27 20:08 - 2018-08-27 20:08 - 000000000 ____D C:\ProgramData\UAB
2018-08-27 19:59 - 2018-08-27 19:59 - 000000000 ____D C:\AdwCleaner
2018-08-27 19:58 - 2018-08-27 19:58 - 007417040 _____ (Malwarebytes) C:\Users\killi\Downloads\AdwCleaner.exe
2018-08-26 08:44 - 2018-08-26 08:44 - 000048595 _____ C:\Users\killi\Desktop\dds.txt
2018-08-26 08:44 - 2018-08-26 08:44 - 000009865 _____ C:\Users\killi\Desktop\attach.txt
2018-08-26 08:42 - 2018-08-26 08:42 - 000688992 ____R (Swearware) C:\Users\killi\Downloads\dds.scr
2018-08-25 14:46 - 2018-08-25 14:46 - 008881620 _____ C:\Users\killi\Downloads\sce guys.mp4
2018-08-19 09:07 - 2018-08-19 09:07 - 000047024 _____ C:\Users\killi\Downloads\statement (1).pdf
2018-08-19 09:05 - 2018-08-19 09:05 - 000091626 _____ C:\Users\killi\Downloads\statement-Jul-2018.pdf
2018-08-18 13:08 - 2018-08-18 13:08 - 000144899 _____ C:\Users\killi\Desktop\Checkout - Lava® Lamp.pdf
2018-08-18 13:08 - 2018-08-18 13:08 - 000068654 _____ C:\Users\killi\Desktop\Checkout - Lava® Lamp.html
2018-08-18 13:08 - 2018-08-18 13:08 - 000000000 ____D C:\Users\killi\Desktop\Checkout - Lava® Lamp_files
2018-08-17 11:17 - 2018-08-17 11:18 - 105775460 _____ C:\Users\killi\Downloads\Game of Thrones 1x06 A Golden Crown Reaction.mp4
2018-08-17 11:11 - 2018-08-17 11:12 - 022035648 _____ (HOW Inc.) C:\Users\killi\Downloads\YouTubeDownloaderSetup (1).exe
2018-08-17 11:08 - 2018-08-17 11:08 - 000000000 __SHD C:\ProgramData\ms-drivers
2018-08-17 11:08 - 2018-08-17 11:08 - 000000000 __SHD C:\ProgramData\icsxml
2018-08-14 19:04 - 2018-08-03 01:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-14 19:04 - 2018-08-03 01:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-14 19:04 - 2018-08-03 01:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-14 19:04 - 2018-08-03 00:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-14 19:04 - 2018-08-03 00:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-14 19:04 - 2018-08-02 20:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-14 19:04 - 2018-08-02 20:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-14 19:04 - 2018-08-02 20:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-14 19:04 - 2018-08-02 20:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-14 19:04 - 2018-08-02 20:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-14 19:04 - 2018-08-02 20:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-14 19:04 - 2018-08-02 20:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-14 19:04 - 2018-08-02 20:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-14 19:04 - 2018-08-02 20:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-14 19:04 - 2018-08-02 20:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-14 19:04 - 2018-08-02 20:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-14 19:04 - 2018-08-02 20:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-14 19:04 - 2018-08-02 20:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-14 19:04 - 2018-08-02 20:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-14 19:04 - 2018-08-02 20:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-14 19:04 - 2018-08-02 20:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-14 19:04 - 2018-08-02 20:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-14 19:04 - 2018-08-02 20:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-14 19:04 - 2018-08-02 20:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-14 19:04 - 2018-08-02 20:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-14 19:04 - 2018-08-02 20:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-14 19:04 - 2018-08-02 20:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-14 19:04 - 2018-08-02 20:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-14 19:04 - 2018-08-02 20:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-14 19:04 - 2018-08-02 20:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-14 19:04 - 2018-08-02 20:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-14 19:04 - 2018-08-02 20:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-14 19:04 - 2018-08-02 20:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-14 19:04 - 2018-08-02 20:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-14 19:04 - 2018-08-02 20:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-14 19:04 - 2018-08-02 20:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-14 19:04 - 2018-08-02 20:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-14 19:04 - 2018-08-02 20:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-14 19:04 - 2018-08-02 20:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-14 19:04 - 2018-08-02 20:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-14 19:04 - 2018-08-02 20:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-14 19:04 - 2018-07-14 17:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-08-14 19:04 - 2018-07-14 17:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-08-14 19:04 - 2018-07-14 17:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-08-14 19:04 - 2018-07-14 17:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-08-14 19:04 - 2018-07-14 17:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-08-14 19:04 - 2018-07-14 17:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-08-14 19:04 - 2018-07-14 17:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-08-14 19:04 - 2018-07-14 17:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-08-14 19:04 - 2018-07-14 16:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-08-14 19:04 - 2018-07-14 16:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-08-14 19:04 - 2018-07-14 16:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-08-14 19:04 - 2018-07-13 23:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-08-14 19:04 - 2018-07-13 23:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-08-14 19:04 - 2018-07-13 21:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-08-14 19:04 - 2018-07-13 21:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-08-14 19:04 - 2018-07-13 21:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-08-14 19:04 - 2018-07-13 21:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-08-14 19:04 - 2018-07-13 21:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-08-14 19:04 - 2018-07-13 21:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-08-14 19:04 - 2018-07-13 21:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-08-14 19:04 - 2018-07-13 21:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-08-14 19:04 - 2018-07-13 21:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-08-14 19:04 - 2018-07-13 21:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-08-14 19:04 - 2018-07-13 21:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-08-14 19:04 - 2018-07-13 21:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-08-14 19:04 - 2018-07-13 21:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-08-14 19:04 - 2018-07-13 21:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-08-14 19:04 - 2018-07-13 21:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-08-14 19:04 - 2018-07-13 20:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-08-14 19:04 - 2018-07-13 20:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-08-14 19:04 - 2018-07-13 20:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-08-14 19:04 - 2018-07-13 20:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-08-14 19:04 - 2018-07-13 20:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-08-14 19:04 - 2018-07-13 20:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-08-14 19:04 - 2018-07-13 20:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-08-14 19:04 - 2018-07-13 20:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-14 19:04 - 2018-07-13 20:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-08-14 19:04 - 2018-07-13 20:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-08-14 19:04 - 2018-07-13 20:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-08-14 19:04 - 2018-07-13 20:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-08-14 19:04 - 2018-07-13 20:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-08-14 19:04 - 2018-07-13 20:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-08-14 19:04 - 2018-07-13 20:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-14 19:04 - 2018-07-13 20:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-08-14 19:04 - 2018-07-13 20:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-08-14 19:04 - 2018-07-13 20:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-08-14 19:04 - 2018-07-13 20:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-08-14 19:03 - 2018-08-03 01:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-14 19:03 - 2018-08-03 01:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-14 19:03 - 2018-08-03 01:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-14 19:03 - 2018-08-03 01:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-14 19:03 - 2018-08-03 01:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-14 19:03 - 2018-08-03 01:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-14 19:03 - 2018-08-03 01:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-14 19:03 - 2018-08-03 01:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-14 19:03 - 2018-08-03 01:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-14 19:03 - 2018-08-03 01:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-14 19:03 - 2018-08-03 01:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-14 19:03 - 2018-08-03 01:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-14 19:03 - 2018-08-03 01:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-14 19:03 - 2018-08-03 00:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-14 19:03 - 2018-08-03 00:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-14 19:03 - 2018-08-03 00:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-14 19:03 - 2018-08-03 00:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-14 19:03 - 2018-08-03 00:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-14 19:03 - 2018-08-03 00:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-14 19:03 - 2018-08-03 00:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-14 19:03 - 2018-08-03 00:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-14 19:03 - 2018-08-03 00:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-14 19:03 - 2018-08-02 22:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-14 19:03 - 2018-08-02 21:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-14 19:03 - 2018-08-02 20:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-14 19:03 - 2018-08-02 20:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-14 19:03 - 2018-08-02 20:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-14 19:03 - 2018-08-02 20:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-14 19:03 - 2018-08-02 20:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-14 19:03 - 2018-08-02 20:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-14 19:03 - 2018-08-02 20:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-14 19:03 - 2018-08-02 20:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-14 19:03 - 2018-08-02 20:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-14 19:03 - 2018-08-02 20:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-14 19:03 - 2018-08-02 20:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-14 19:03 - 2018-08-02 20:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-14 19:03 - 2018-08-02 20:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-14 19:03 - 2018-08-02 20:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-14 19:03 - 2018-08-02 20:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-14 19:03 - 2018-08-02 20:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-14 19:03 - 2018-08-02 20:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-14 19:03 - 2018-08-02 20:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-14 19:03 - 2018-08-02 20:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-14 19:03 - 2018-08-02 20:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-14 19:03 - 2018-08-02 20:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-14 19:03 - 2018-08-02 20:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-14 19:03 - 2018-08-02 20:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-14 19:03 - 2018-08-02 20:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-14 19:03 - 2018-08-02 20:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-14 19:03 - 2018-08-02 20:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-14 19:03 - 2018-08-02 20:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-14 19:03 - 2018-08-02 20:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-14 19:03 - 2018-08-02 20:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-14 19:03 - 2018-08-02 20:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-14 19:03 - 2018-08-02 20:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-14 19:03 - 2018-08-02 20:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-14 19:03 - 2018-08-02 20:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-14 19:03 - 2018-08-02 20:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-14 19:03 - 2018-08-02 20:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-14 19:03 - 2018-08-02 20:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-14 19:03 - 2018-08-02 20:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-14 19:03 - 2018-08-02 20:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-14 19:03 - 2018-08-02 20:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-14 19:03 - 2018-08-02 20:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-14 19:03 - 2018-08-02 20:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-14 19:03 - 2018-08-02 20:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-14 19:03 - 2018-08-02 20:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-14 19:03 - 2018-08-02 20:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-14 19:03 - 2018-08-02 20:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-14 19:03 - 2018-08-02 20:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-14 19:03 - 2018-08-02 20:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-14 19:03 - 2018-08-02 20:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-14 19:03 - 2018-08-02 20:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-14 19:03 - 2018-08-02 20:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-14 19:03 - 2018-08-02 20:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-14 19:03 - 2018-08-02 20:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-14 19:03 - 2018-08-02 20:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-14 19:03 - 2018-08-02 20:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-14 19:03 - 2018-08-02 20:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-14 19:03 - 2018-08-02 20:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-14 19:03 - 2018-08-02 20:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-14 19:03 - 2018-08-02 20:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-14 19:03 - 2018-08-02 20:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-14 19:03 - 2018-08-02 20:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-14 19:03 - 2018-08-02 20:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-14 19:03 - 2018-08-02 20:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-14 19:03 - 2018-08-02 20:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-14 19:03 - 2018-08-02 20:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-14 19:03 - 2018-08-02 20:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-14 19:03 - 2018-08-02 20:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-14 19:03 - 2018-08-02 20:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-14 19:03 - 2018-08-02 20:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-14 19:03 - 2018-08-02 20:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-14 19:03 - 2018-08-02 20:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-14 19:03 - 2018-08-02 20:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-14 19:03 - 2018-08-02 20:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-14 19:03 - 2018-08-02 18:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-14 19:03 - 2018-07-14 17:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-08-14 19:03 - 2018-07-14 17:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-08-14 19:03 - 2018-07-14 17:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-08-14 19:03 - 2018-07-14 17:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-08-14 19:03 - 2018-07-14 17:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-08-14 19:03 - 2018-07-14 17:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-08-14 19:03 - 2018-07-14 17:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-08-14 19:03 - 2018-07-14 17:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-08-14 19:03 - 2018-07-14 16:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-08-14 19:03 - 2018-07-14 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-08-14 19:03 - 2018-07-14 16:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-08-14 19:03 - 2018-07-14 16:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-08-14 19:03 - 2018-07-14 16:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-08-14 19:03 - 2018-07-14 16:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-08-14 19:03 - 2018-07-14 16:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-08-14 19:03 - 2018-07-13 21:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-08-14 19:03 - 2018-07-13 21:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-08-14 19:03 - 2018-07-13 21:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-08-14 19:03 - 2018-07-13 21:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-08-14 19:03 - 2018-07-13 21:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-08-14 19:03 - 2018-07-13 21:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-08-14 19:03 - 2018-07-13 21:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-08-14 19:03 - 2018-07-13 21:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-08-14 19:03 - 2018-07-13 21:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-08-14 19:03 - 2018-07-13 21:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-08-14 19:03 - 2018-07-13 21:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-08-14 19:03 - 2018-07-13 21:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-08-14 19:03 - 2018-07-13 21:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-08-14 19:03 - 2018-07-13 21:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-08-14 19:03 - 2018-07-13 21:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-08-14 19:03 - 2018-07-13 21:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-08-14 19:03 - 2018-07-13 21:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-08-14 19:03 - 2018-07-13 20:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-08-14 19:03 - 2018-07-13 20:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-08-14 19:03 - 2018-07-13 20:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-08-14 19:03 - 2018-07-13 20:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-08-14 19:03 - 2018-07-13 20:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-08-14 19:03 - 2018-07-13 20:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-08-14 19:03 - 2018-07-13 20:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-08-14 19:03 - 2018-07-13 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-08-14 19:03 - 2018-07-13 20:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-08-14 19:03 - 2018-07-13 20:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-08-14 19:03 - 2018-07-13 20:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-08-14 19:03 - 2018-07-13 20:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-08-14 19:03 - 2018-07-13 20:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-08-14 19:03 - 2018-07-13 20:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-08-14 19:03 - 2018-07-13 20:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-08-14 19:03 - 2018-07-13 20:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-08-14 19:03 - 2018-07-13 20:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-08-14 19:03 - 2018-07-13 20:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-08-14 19:03 - 2018-07-13 20:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-08-14 19:03 - 2018-07-13 20:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-08-14 19:03 - 2018-07-13 20:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-08-14 19:03 - 2018-07-13 20:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-08-14 19:03 - 2018-07-13 20:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-08-14 19:03 - 2018-07-13 20:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-08-14 19:03 - 2018-07-13 20:49 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-08-14 19:03 - 2018-07-13 20:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-08-14 19:03 - 2018-07-12 21:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-11 10:12 - 2018-08-11 10:13 - 061566177 _____ C:\Users\killi\Desktop\My Movie.mp4
2018-08-10 18:13 - 2018-08-21 18:31 - 000000000 ____D C:\Users\killi\opera autoupdate
2018-08-07 17:32 - 2018-08-07 17:33 - 000001293 _____ C:\Users\killi\Desktop\Google Chrome.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-27 20:08 - 2018-05-28 12:44 - 000003394 _____ C:\WINDOWS\System32\Tasks\Driver Support
2018-08-27 20:06 - 2018-05-28 12:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-27 20:06 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-27 20:06 - 2016-05-21 14:33 - 000000000 __SHD C:\Users\killi\IntelGraphicsProfiles
2018-08-27 20:05 - 2018-05-28 12:26 - 000000000 ____D C:\Users\killi
2018-08-27 20:05 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-27 19:48 - 2018-05-28 12:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-27 18:34 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-27 18:33 - 2017-10-21 12:32 - 000059890 _____ C:\WINDOWS\SysWOW64\stub.json
2018-08-27 17:43 - 2018-05-28 12:44 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58C9F2C-F95F-4FF5-AD89-09B35DBBDA88}
2018-08-27 17:43 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-27 07:45 - 2017-01-11 09:03 - 000000335 _____ C:\Users\killi\AppData\Roaming\WB.CFG
2018-08-27 07:15 - 2017-01-01 12:35 - 000000000 ____D C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}
2018-08-26 08:39 - 2016-12-27 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-08-26 08:38 - 2018-02-18 13:34 - 000000000 ____D C:\Users\killi\AppData\Local\Opera Software
2018-08-26 08:37 - 2017-04-24 20:19 - 000000000 ____D C:\Users\killi\AppData\Local\Adobe
2018-08-26 08:36 - 2018-05-28 12:44 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-26 08:36 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-26 08:36 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-25 09:44 - 2018-02-18 14:23 - 000000000 ____D C:\Users\killi\Downloads\opera autoupdate
2018-08-25 08:22 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-23 20:29 - 2016-03-17 13:10 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-23 20:29 - 2016-03-17 13:10 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-21 18:28 - 2018-05-28 12:44 - 000003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-08-21 18:28 - 2018-05-28 12:44 - 000003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-08-18 09:26 - 2017-09-22 18:52 - 000000000 ____D C:\Users\killi\AppData\Local\ElevatedDiagnostics
2018-08-17 14:18 - 2018-05-28 12:36 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-17 14:18 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-14 22:17 - 2017-03-25 10:18 - 000000000 ___RD C:\Users\killi\3D Objects
2018-08-14 22:17 - 2016-03-17 13:15 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-14 22:16 - 2018-05-28 12:21 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-14 22:14 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-14 22:14 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-14 19:15 - 2016-05-21 16:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 19:13 - 2016-05-21 16:56 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-11 06:59 - 2016-08-22 15:44 - 001388432 _____ C:\Users\Public\VOIP.dat
2018-08-10 07:17 - 2016-05-27 18:51 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 07:17 - 2016-05-27 18:51 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-07 07:15 - 2018-05-28 12:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-886749300-569326981-3437551655-1001
2018-08-07 07:15 - 2018-05-28 12:26 - 000002412 _____ C:\Users\killi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-07 07:15 - 2016-05-21 14:36 - 000000000 ___RD C:\Users\killi\OneDrive
2018-08-06 08:19 - 2018-07-18 17:41 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 08:19 - 2018-07-18 17:41 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-01 19:11 - 2018-07-10 17:37 - 000000000 ____D C:\ProgramData\Packages
2018-07-31 17:53 - 2018-05-28 12:44 - 000004210 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1518986068
2018-07-30 17:41 - 2018-02-18 14:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2016-08-22 15:44 - 2018-08-11 06:59 - 001388432 _____ () C:\Users\Public\VOIP.dat
2017-01-11 09:03 - 2018-08-27 07:45 - 000000335 _____ () C:\Users\killi\AppData\Roaming\WB.CFG
2017-12-17 10:36 - 2017-12-21 19:32 - 000000056 _____ () C:\Users\killi\AppData\Local\eb82wtqnkh
2017-12-12 09:06 - 2017-12-12 09:06 - 000000052 _____ () C:\Users\killi\AppData\Local\wfOraJmVyh
2018-06-11 07:22 - 2018-06-11 07:22 - 000000000 _____ () C:\Users\killi\AppData\Local\{982E66D9-751D-476C-9324-476A6CE2BEDA}

Files to move or delete:
====================
C:\Windows\Tasks\{20F3BCEF-735C-380E-0E96-3371723D041E}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 12:21

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (43.1 KB, 6 views)
Old 08-29-2018, 07:30 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello DandyBella. Do you use Yahoo on purpose or was it set for you by McAfee?

Is McAfee SiteAdvisor a must have? Do you use it?

------------------------------------------------------
Old 08-30-2018, 07:19 AM   #11
DandyBella

I just like Yahoo's home page. It was set by me. I don't even know what the McAfee SiteAdvisor does. I can get rid of that. Thanks :-)
Old 08-30-2018, 08:31 PM   #12
chemist

Hello again, DandyBella. You're welcome.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/...-up-your-files

------------------------------------------------------

Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if they still exist:

McAfee Security Scan Plus
McAfee WebAdvisor
Search the Web (Yahoo)


------------------------------------------------------

We need to manually remove several extensions in Google Chrome. Open Chrome.

Copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions

Click Remove in the Hermes Tab extension box.

When the confirmation dialog appears, click Remove again.

Repeat for the following (if they still exist):

Yahoo Web
McAfee® WebAdvisor
Yahoo Partner
Search Manager


Exit Chrome.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {72E061FE-7FF2-4C60-AC28-37B47B92EF20} - System32\Tasks\Yahoo! Powered disid => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643382d4242414246433841333036357d5c636f64697461" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643 (the data entry has 78 more characters). <==== ATTENTION
    Task: {FC195B23-8C63-4434-9F0C-EA0EC305AF4D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Yahoo! Powered disid.job => Wscript.exe  C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:0CEE6109 [126]
    AlternateDataStreams: C:\ProgramData\TEMP:1CF7A376 [290]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:40D8F125 [107]
    AlternateDataStreams: C:\ProgramData\TEMP:982E1B5A [134]
    AlternateDataStreams: C:\ProgramData\TEMP:D0BD0C7A [132]
    AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810 [456]
    GroupPolicy: Restriction ? <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-886749300-569326981-3437551655-1001 -> DefaultScope {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL =
    FF Plugin-x32:   @edvR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
    CHR NewTab: Default -> Active:"chrome-extension://jfcjhdijahefmfgcceakfkkialaekpfl/homepage.html", Not-active:"chrome-extension://fpdpdomdpmhpgncppolomeniknkgpbhm/newtab.html", Not-active:"chrome-extension://ehlceeijggpdgfcefmipcmdelickjgfg/ntab.html"
    CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    C:\Windows\Tasks\{20F3BCEF-735C-380E-0E96-3371723D041E}.job
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
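The "Task:" entries in the fixlist above show a pattern worth checking for in any FRST log: Windows Script Host started on a file without a script extension, with hex-encoded arguments. The Python below is an added example, not part of the original posts or of FRST; its function names are hypothetical, and the sample input is the three Task: lines as posted.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the three "Task:" lines exactly as posted in the fixlist above.
# FRST itself cut the last hex argument short ("the data entry has 78 more characters").
SAMPLE = r'''
Task: {72E061FE-7FF2-4C60-AC28-37B47B92EF20} - System32\Tasks\Yahoo! Powered disid => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643382d4242414246433841333036357d5c636f64697461" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643 (the data entry has 78 more characters). <==== ATTENTION
Task: {FC195B23-8C63-4434-9F0C-EA0EC305AF4D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered disid.job => Wscript.exe  C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt <==== ATTENTION
'''

# Extensions Windows Script Host is normally handed; anything else is worth a look.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
HOST_RE = re.compile(r"(?i)(?:^|[\\\s])(wscript|cscript)\.exe\b")
TRUNC_RE = re.compile(r"\(the data entry has \d+ more characters\)\.?")
ARG_RE = re.compile(r'"([^"]*)"?|(\S+)')   # quoted (closing quote optional) or bare
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2}){4,}")


def defang(text):
    """Make decoded URLs non-clickable, using the hxxp convention seen in FRST logs."""
    return re.sub(r"(?i)\bhttp", "hxxp", text)


def decode_hex_arg(arg):
    """Return the printable-ASCII text hidden in a hex string, or None."""
    arg = arg[: len(arg) - len(arg) % 2]      # a truncated value may end mid-byte
    if not HEX_RE.fullmatch(arg):
        return None
    raw = bytes.fromhex(arg)
    if not all(0x20 <= b <= 0x7E for b in raw):
        return None
    return defang(raw.decode("ascii"))


def triage_task(line):
    """Parse one FRST 'Task:' line; return a finding dict, or None if unremarkable."""
    line = line.strip()
    if not line.startswith("Task:"):
        return None
    body = line[len("Task:"):].replace("<==== ATTENTION", "").strip()
    parts = re.split(r"\s(?:=>|->)\s", body, maxsplit=1)
    if len(parts) != 2:
        return None
    finding = {"task": parts[0].strip(), "reasons": [], "decoded": [], "truncated": False}
    action = parts[1].strip()
    if action == "No File":
        finding["reasons"].append("FRST reports 'No File' for the task target")
        return finding
    if TRUNC_RE.search(action):
        finding["truncated"] = True
        action = TRUNC_RE.sub("", action)
    host = HOST_RE.search(action)
    if not host:
        return None
    args = [(q or u).strip() for q, u in ARG_RE.findall(action[host.end():])]
    args = [a for a in args if a]
    if args:
        ext = PureWindowsPath(args[0]).suffix.lower()
        if ext not in SCRIPT_EXTS:
            finding["reasons"].append(f"{host.group(1).lower()}.exe runs a '{ext}' file")
    finding["decoded"] = [t for t in map(decode_hex_arg, args[1:]) if t is not None]
    if finding["decoded"]:
        finding["reasons"].append("hex-encoded arguments")
    return finding if finding["reasons"] else None


def triage(log_text):
    """Run triage_task over every line of a log and keep the findings."""
    return [f for f in map(triage_task, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["task"])
        for reason in f["reasons"]:
            print("   reason :", reason)
        for text in f["decoded"]:
            print("   decoded:", text)
        if f["truncated"]:
            print("   note   : FRST truncated the command line; the last value is partial")
```
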
Old 08-30-2018, 09:51 PM   #13
I helped the forums.
 
 
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by killi (30-08-2018 21:41:18) Run:1
Running from C:\Users\killi\Desktop
Loaded Profiles: killi (Available Profiles: killi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {72E061FE-7FF2-4C60-AC28-37B47B92EF20} - System32\Tasks\Yahoo! Powered disid => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643382d4242414246433841333036357d5c636f64697461" "433a5c50726f6772616d446174615c7b36413443414632462d453030452d323545392d363643 (the data entry has 78 more characters). <==== ATTENTION
Task: {FC195B23-8C63-4434-9F0C-EA0EC305AF4D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered disid.job => Wscript.exe C:\ProgramData\{6A4CAF2F-E00E-25E9-66C8-BBABFC8A3065}\rima.txt <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0CEE6109 [126]
AlternateDataStreams: C:\ProgramData\TEMP:1CF7A376 [290]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:40D8F125 [107]
AlternateDataStreams: C:\ProgramData\TEMP:982E1B5A [134]
AlternateDataStreams: C:\ProgramData\TEMP:D0BD0C7A [132]
AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810 [456]
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-886749300-569326981-3437551655-1001 -> DefaultScope {10DC7CDC-5562-42EA-87B9-C4F2A6B95D0E} URL =
FF Plugin-x32: @edvR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
CHR NewTab: Default -> Active:"chrome-extension://jfcjhdijahefmfgcceakfkkialaekpfl/homepage.html", Not-active:"chrome-extension://fpdpdomdpmhpgncppolomeniknkgpbhm/newtab.html", Not-active:"chrome-extension://ehlceeijggpdgfcefmipcmdelickjgfg/ntab.html"
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
C:\Windows\Tasks\{20F3BCEF-735C-380E-0E96-3371723D041E}.job
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72E061FE-7FF2-4C60-AC28-37B47B92EF20}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72E061FE-7FF2-4C60-AC28-37B47B92EF20}" => removed successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered disid => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered disid" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC195B23-8C63-4434-9F0C-EA0EC305AF4D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC195B23-8C63-4434-9F0C-EA0EC305AF4D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
C:\WINDOWS\Tasks\Yahoo! Powered disid.job => moved successfully
C:\ProgramData\TEMP => ":0CEE6109" ADS removed successfully
C:\ProgramData\TEMP => ":1CF7A376" ADS removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
C:\ProgramData\TEMP => ":40D8F125" ADS removed successfully
C:\ProgramData\TEMP => ":982E1B5A" ADS removed successfully
C:\ProgramData\TEMP => ":D0BD0C7A" ADS removed successfully
C:\ProgramData\TEMP => ":D8F9D810" ADS removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\ @edvR/WebClient => not found
"Chrome NewTab" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg" => removed successfully
"HKU\S-1-5-21-886749300-569326981-3437551655-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
McAfee SiteAdvisor Service => service not found.
McComponentHostService => service not found.
HKLM\System\CurrentControlSet\Services\mfesapsn => not found
mfesapsn => service removed successfully
C:\Windows\Tasks\{20F3BCEF-735C-380E-0E96-3371723D041E}.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25689458 B
Java, Flash, Steam htmlcache => 16359 B
Windows/system/drivers => 10590248 B
Edge => 3176992 B
Chrome => 748874269 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6656 B
LocalService => 0 B
NetworkService => 211036 B
NetworkService => 0 B
killi => 77180511 B

RecycleBin => 0 B
EmptyTemp: => 834.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:43:12 ====
DandyBella is offline  
Old 09-01-2018, 02:56 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, DandyBella. How is the machine behaving? Any improvement?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • NOTE: If you select the Premium features, MBAM will be running as a full-fledged, real-time antivirus application.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 09-02-2018, 10:06 AM   #15
I helped the forums.
 
 
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



Hi!!! It hasn't frozen once since I started working with you & running the scans. YAY

After running Malwarebytes & restarting, nothing came up, no pop up, no log, nothing. So I'll post my ESET results as soon as the scan finishes & hope that will suffice. If not, maybe I can try to run the Malwarebytes again & see if anything comes up next time. Let me know & thanks sooooo much for your help

Anna
DandyBella is offline  
Old 09-02-2018, 10:46 AM   #16
I helped the forums.
 
 
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



ESET RESULTS:

C:\AdwCleaner\Quarantine\v1\20180827.195959\2\Downloaded Installers\{6D34CDFA-2CF8-49DF-8E04-74B23147BB69}\setup.msi#7B238CD47778005F a variant of Win32/UwS.SlimDrivers.A application
C:\AdwCleaner\Quarantine\v1\20180827.195959\3\Downloaded Installers\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}\setup.msi#7B238CD47778005F a variant of Win32/Slimware.B potentially unwanted application,a variant of Win32/Slimware.C potentially unwanted application
C:\AdwCleaner\Quarantine\v1\20180827.195959\31\SlimService\SlimServiceFactory.exe#69078D38D9588888 a variant of Win32/Slimware.C potentially unwanted application
C:\AdwCleaner\Quarantine\v1\20180827.195959\56\DriverUpdate\DriverUpdate.exe#6A63A13520C3DD4C a variant of Win32/UwS.SlimDrivers.A application
C:\AdwCleaner\Quarantine\v1\20180827.195959\59\Coupons\uninstall.exe#5A462DAA1FEC4A84 a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe a variant of Win32/Hoax.MovieMaker.A application
C:\Users\killi\Downloads\clipgrab-3.6.2-cgorg (1).exe a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\killi\Downloads\clipgrab-3.6.2-cgorg.exe a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\killi\Downloads\CouponPrinter.exe a variant of Win32/Adware.Coupons.AA application
C:\Users\killi\Downloads\windows-movie-maker-2016-full.exe a variant of Win32/Hoax.MovieMaker.A application
C:\Users\killi\Downloads\YouTubeDownloaderSetup (1).exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application
C:\Users\killi\Downloads\YouTubeDownloaderSetup.exe a variant of Win32/SoftCDN.A potentially unwanted application
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application
C:\Windows\Installer\a54d740.msi a variant of Win32/Slimware.B potentially unwanted application,a variant of Win32/Slimware.C potentially unwanted application
DandyBella is offline  
Old 09-02-2018, 03:39 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Anna. You're very welcome. Glad to hear it.

Some of the ESET finds have already been quarantined by AdwCleaner. Those will get deleted when we uninstall those tools.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a clean log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Files flagged by the ESET scan that are not already in AdwCleaner's quarantine.
rem Each file is force-deleted; any file that still exists afterwards is logged.
for %%g in (
"C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
"C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe"
"C:\Users\killi\Downloads\clipgrab-3.6.2-cgorg (1).exe"
"C:\Users\killi\Downloads\clipgrab-3.6.2-cgorg.exe"
"C:\Users\killi\Downloads\CouponPrinter.exe"
"C:\Users\killi\Downloads\windows-movie-maker-2016-full.exe"
"C:\Users\killi\Downloads\YouTubeDownloaderSetup (1).exe"
"C:\Users\killi\Downloads\YouTubeDownloaderSetup.exe"
"C:\Windows\CouponPrinter.ocx"
"C:\Windows\Installer\a54d740.msi"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the leftovers in Notepad, or report success if nothing was logged.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has run.
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Did MBAM find anything?
  • Open MBAM
  • Click on the Reports tab.
  • Scroll down and double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------
chemist is offline  
Old 09-03-2018, 10:00 AM   #18
I helped the forums.
 
 
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



Okay wait real quick though. I saw the 1st line says "echo". That's my Alexa command for the whole home. Is that going to mess it up? My husband would FLIP OUT! lol thanks :-)

Anna
DandyBella is offline  
Old 09-03-2018, 10:47 AM   #19
Microsoft-Team Manager
Hardware - Team Manager
 
 
Join Date: Dec 2008
Location: Glasgow Scotland
Posts: 68,223
OS: win 10 Home



No it will not affect Alexa, only your PC.
__________________






Eliminate all other factors, and the one which remains must be the truth.
joeten is offline  
Old 09-03-2018, 11:15 AM   #20
I helped the forums.
 
 
Join Date: Feb 2005
Location: So Cal
Posts: 69
OS: Windows 10



fix.bat said files deleted successfully.

MBAM:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/3/18
Scan Time: 7:12 AM
Log File: 649e3be0-af83-11e8-887e-08d40cf7fec1.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.6625
License: Trial

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 305244
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
DandyBella is offline  
 


All times are GMT -7. The time now is 07:46 PM.

