Bad Image errors after Malware Removal

[TBbbbb]

Hi,

 

I recently removed some malware from my system using MalwareBytes and AdWare Cleaner. Ever since I receive multiple Bad Image errors when opening certain programmes, and (not sure if this is related) some of my USB devices have stopped working (integrated webcam, wifi adapter). These USB errors seem to be caused by a failure to update to the latest drivers, however I cannot manually update them as I receive further errors.

 

Any help would be greatly appreciated, happy to provide any useful information.

 

Thanks

[kevinf80]

Hello TBbbbb and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Can you post the logs from Malwarebytes concerning removed malware.... Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Scan Report" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply... Repeat for othe logs if applicable.. Next, RogueKiller is a powerful tool. So, it is preferable that a helper checks the scan results to avoid potential false positives removal.... Download RogueKiller and save it on your desktop, ensure to download correct version.. RogueKiller (X86) RogueKiller (x64)   Exit all running applications. Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will disply the software license (EULA), click on "Accept" to continue. If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon. Click "Start Scan" to begin the analysis. This may take some time. Once the scan is complete, click the "Open TXT" button to display the scan report. Copy/Paste it's content in your next reply. Note : A "Premium" version of the tool is available, but the free version provides everything you need to clean your machine. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status...   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

[TBbbbb]

Hi Kevin,

Thanks for offering your help. Logs as follows:

MalwareBytes report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/5/17
Scan Time: 10:11 PM
Logfile: malwarebytesreport.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.2731
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: WORK-LAPTOP\TBbbbb

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419815
Time Elapsed: 11 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.ASK, HKU\S-1-5-21-1271374752-3483292897-266657564-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ask.com, Quarantined, [516], [391322],1.0.2731
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1271374752-3483292897-266657564-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\gamingwonderland.dl.tb.ask.com, Quarantined, [829], [391321],1.0.2731

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

Roguekiller has been running for 6 hours now and hasn't finished. Not sure if I should cancel it or carry on waiting. It seems to be stuck on a registry file.

Thanks

 

 

[kevinf80]

RogueKiller is very thorough and may take several hours depending on what it finds, let it run as long as you can. If your system does seem to be hung up then stop RK and continue wirh FRST....

The MB log does not show anything to cause alarm, anything related to ask.com should always be removed... What programs give bad image errors when you try to open them...?

Thank you,

Kevin...

[TBbbbb]

Hi Kevin,

Thanks, I can leave it running overnight so we'll see what happens. If it's still stuck on the same file tomorrow I'll stop it and move onto FRST as you say.

 

List of programs that result in bad image errors off the top of my head:

Adobe acrobat reader

Blizzard App

All Blizzard games (a particularly bad one is world of warcraft - it's odd, the bad image errors pop up whenever the in game cursor changes image)

MSSearch (this is an analytical chemistry program that matches chemical mass spectra against a database)

Thanks.

[kevinf80]

Thanks for the update TBbbbb,

yes leave RK overnight and see what happens...  Regarding the programs you`ve listed, can you see if Adobe Reader needs to be updated, maybe also reinstall MSSearch. If the Blizzard games are played through a browser check to see if Flashplayer needs updating... We`ll have a better idea when we see the produced logs....

Regards,

Kevin..

[TBbbbb]

After 24 hours continuous running I've decided to give up on RK. Trying to stop the scan confirms that the software unfortunately wasn't functioning correctly, as it is hanging and wouldn't close without using the task manager.

I tried updating Adobe Reader, but get the message that my version is newer than the latest available on the website, which seems a bit odd.  The Blizzard games aren't played through a browser, but I have do have problems with Flashplayer and Firefox. Many websites state that flash isn't up to date, even if I install the latest version.

So, onto the FRST logs, first FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by TBbbbb (administrator) on WORK-LAPTOP (07-09-2017 17:21:00)
Running from C:\Users\TBbbbb\Desktop
Loaded Profiles: TBbbbb (Available Profiles: TBbbbb)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Thermo Fisher Scientific Inc.) C:\Program Files (x86)\Thermo\Foundation\CFRDBService.exe
(Thermo Fisher Scientific Inc.) C:\Program Files (x86)\Thermo\Foundation\FinAutoLogOff.exe
(Thermo Electron Corporation) C:\Xcalibur\system\programs\finSS_Server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Thermo Fisher Scientific Inc.) C:\Program Files (x86)\Thermo\Foundation\ThermoFisher.Foundation.Auditing.FinSecurityService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.11.500\SSScheduler.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_none_7ef6e89821f9a6be\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-09-08] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8504064 2015-08-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5793048 2014-10-09] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-10-17] (Entertainment Experience)
HKLM-x32\...\Run: [AutoLogoff] => C:\Program Files (x86)\Thermo\Foundation\AutoLogOff.exe [90112 2012-11-08] (Thermo Fisher Scientific Inc.)
HKLM-x32\...\Run: [ThermoFisher.Foundation.AcqSupportTray] => C:\Program Files (x86)\Thermo\Foundation\ThermoFisher.Foundation.AcqSupportTray.exe [86016 2012-11-08] (Thermo Fisher Scientific Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [919032 2017-08-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\Run: [Google Update] => C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-26] (Google Inc.)
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\Run: [MusicManager] => C:\Users\TBbbbb\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-07]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3482e2ca-b453-4867-9844-4dba08cdf7a7}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{3482e2ca-b453-4867-9844-4dba08cdf7a7}: [DhcpNameServer] 10.4.0.1
Tcpip\..\Interfaces\{542e92c9-6eb8-4072-8d5d-056590f034d4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8b41947b-2465-4b0b-bf9e-836145a6f43a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-23] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-23] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-23] (Microsoft Corporation)
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://www.sussex.ac.uk/its/xpc-eduroam/tools/xc_loader_activex.ocx
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kboy2yek.default
FF ProfilePath: C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default [2017-09-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kboy2yek.default -> Google (UK)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kboy2yek.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kboy2yek.default -> hxxp://google.co.uk/
FF Extension: (Google Search by Image) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\Extensions\google@hitachi.com.xpi [2016-04-27]
FF Extension: (Reddit Enhancement Suite) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-16]
FF Extension: (LastPass: Free Password Manager) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\Extensions\support@lastpass.com [2017-07-22]
FF Extension: (Zotero) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-09-03]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-16]
FF Extension: (Firefox Screenshots) - C:\Users\TBbbbb\AppData\Roaming\Mozilla\Firefox\Profiles\kboy2yek.default\features\{ed3216fd-2587-44ed-b338-2a028e67c500}\screenshots@mozilla.org.xpi [2017-09-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1271374752-3483292897-266657564-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\TBbbbb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1271374752-3483292897-266657564-1001: @talk.google.com/O1DPlugin -> C:\Users\TBbbbb\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1271374752-3483292897-266657564-1001: @tools.google.com/Google Update;version=3 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1271374752-3483292897-266657564-1001: @tools.google.com/Google Update;version=9 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1271374752-3483292897-266657564-1001: ipcamera.com/IPCamPlug -> C:\WINDOWS\npIPCamPlug.dll [2015-02-24] (IPCamera)
FF Plugin ProgramFiles/Appdata: C:\Users\TBbbbb\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TBbbbb\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR HomePage: Default -> hxxp://danlink.danwood.ad/divisions/gservice/SDU/default.aspx
CHR Profile: C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-17]
CHR Extension: (Google Docs) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-17]
CHR Extension: (Google Drive) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-17]
CHR Extension: (YouTube) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Calendar) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-17]
CHR Extension: (Planetarium) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-01-31]
CHR Extension: (Google Keep - notes and lists) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-09-06]
CHR Extension: (Skype) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-30]
CHR Extension: (Google Mail Checker) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\TBbbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-08-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1525240 2017-08-29] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-08-15] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-08-08] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 Finnigan Auto Log Off; C:\Program Files (x86)\Thermo\Foundation\FinAutoLogOff.exe [24576 2012-11-08] (Thermo Fisher Scientific Inc.) [File not signed]
R2 Finnigan Security Server; C:\Xcalibur\system\programs\finSS_Server.exe [65536 2012-08-30] (Thermo Electron Corporation) [File not signed]
R2 FinniganDatabaseService; C:\Program Files (x86)\Thermo\Foundation\CFRDBService.exe [40960 2012-11-08] (Thermo Fisher Scientific Inc.) [File not signed]
R2 FinniganSecurityService; C:\Program Files (x86)\Thermo\Foundation\ThermoFisher.Foundation.Auditing.FinSecurityService.exe [24576 2012-11-08] (Thermo Fisher Scientific Inc.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382448 2017-02-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.500\McCHSvc.exe [272136 2017-01-19] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-17] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 TMODevMsgDispatcher; C:\Program Files (x86)\Thermo\Foundation\TMODeviceMsgDispatcher.exe [18432 2012-11-08] (Thermo Fisher Scientific Inc.) [File not signed]
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93648 2014-10-17] ()
S3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2016-07-16] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleODD; C:\WINDOWS\system32\DRIVERS\AppleODD.sys [8704 2012-12-22] (Apple Inc.) [File not signed]
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-19] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176856 2017-08-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-10-30] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-10-30] (ELECOM)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253680 2015-03-20] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-09-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3524360 2016-09-24] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-10-07] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [4995856 2016-03-23] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [435200 2016-09-03] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
U5 TMUSB; C:\WINDOWS\System32\DRIVERS\TMUSB64.SYS [63096 2016-06-29] (Seiko Epson Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-09-06] ()
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-09-08] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 17:21 - 2017-09-07 17:22 - 000029464 _____ C:\Users\TBbbbb\Desktop\FRST.txt
2017-09-07 17:15 - 2017-09-07 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-07 17:15 - 2017-09-07 17:15 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-07 17:15 - 2017-09-07 17:15 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
2017-09-06 14:22 - 2017-09-07 14:17 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\CrashDumps
2017-09-06 13:03 - 2017-09-06 13:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-06 13:03 - 2017-09-06 13:03 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-06 13:02 - 2017-09-06 13:03 - 026680904 _____ C:\Users\TBbbbb\Downloads\RogueKiller_portable64.exe
2017-09-06 13:02 - 2017-09-06 13:02 - 000001444 _____ C:\Users\TBbbbb\Desktop\malwarebytesreport.txt
2017-09-06 12:35 - 2017-09-06 12:35 - 000096193 _____ C:\Users\TBbbbb\Downloads\Letter 15617 (2).pdf
2017-09-06 12:34 - 2017-09-06 12:34 - 000329862 _____ C:\Users\TBbbbb\Downloads\Joint report (2).pdf
2017-09-06 12:28 - 2017-09-06 12:28 - 003045862 _____ C:\Users\TBbbbb\Downloads\Thesis Full.pdf
2017-09-05 23:11 - 2017-09-06 09:08 - 000000000 ____D C:\AdwCleaner
2017-09-05 23:10 - 2017-09-05 23:11 - 008182736 _____ (Malwarebytes) C:\Users\TBbbbb\Downloads\AdwCleaner.exe
2017-09-05 22:52 - 2017-09-05 22:52 - 000007376 _____ C:\Users\TBbbbb\Downloads\post-2584-0-51411100-1396388291.ipb
2017-09-05 22:43 - 2017-09-07 17:21 - 000000000 ____D C:\FRST
2017-09-05 22:42 - 2017-09-05 22:42 - 002395648 _____ (Farbar) C:\Users\TBbbbb\Desktop\FRST64.exe
2017-09-03 20:53 - 2017-09-03 20:53 - 000096193 _____ C:\Users\TBbbbb\Downloads\Letter 15617 (1).pdf
2017-09-03 20:52 - 2017-09-03 20:52 - 000329862 _____ C:\Users\TBbbbb\Downloads\Joint report (1).pdf
2017-09-03 13:52 - 2017-09-03 13:52 - 000000000 ___HD C:\OneDriveTemp
2017-09-02 12:43 - 2017-04-21 22:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-09-02 12:43 - 2017-04-21 22:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-09-02 12:43 - 2017-04-21 22:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-09-02 12:43 - 2017-04-21 22:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-09-02 12:43 - 2017-04-11 19:27 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-09-02 12:43 - 2017-04-11 19:27 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-09-02 12:43 - 2017-03-15 19:15 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-09-02 12:43 - 2017-03-15 19:15 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-09-02 01:36 - 2017-08-04 06:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-09-02 01:36 - 2017-08-04 06:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-09-02 01:36 - 2017-08-04 05:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-09-01 23:15 - 2017-09-01 23:15 - 000000000 ____D C:\Users\TBbbbb\Downloads\FixWin10
2017-09-01 23:13 - 2017-09-01 23:13 - 000106816 _____ C:\Users\TBbbbb\Downloads\FixWin10.zip
2017-08-26 22:29 - 2017-08-26 22:29 - 000001852 _____ C:\Users\TBbbbb\Desktop\Variables - Shortcut.lnk
2017-08-23 21:03 - 2017-08-23 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 17:55 - 2017-08-22 17:55 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-22 17:55 - 2017-08-22 17:55 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-22 17:55 - 2017-08-22 17:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-22 17:55 - 2017-08-22 17:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-09 20:36 - 2017-08-09 20:36 - 000000000 ___DL C:\Users\TBbbbb\AppData\LocalLow\PlayReady
2017-08-09 20:35 - 2017-08-09 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-08-09 20:35 - 2017-08-09 20:35 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-08-09 20:35 - 2017-08-09 20:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-08-09 20:32 - 2017-08-09 20:32 - 006950552 _____ (Microsoft Corporation) C:\Users\TBbbbb\Downloads\Silverlight.exe
2017-08-09 20:16 - 2017-08-09 20:16 - 000000000 ____D C:\1d1dc4a350027d3ee5ec02af4a1d
2017-08-09 20:15 - 2017-08-09 20:16 - 075898094 _____ C:\Users\TBbbbb\Downloads\Microsoft-Windows-MediaFeaturePack-OOB-Package.msu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 17:17 - 2015-03-26 15:05 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\Adobe
2017-09-07 17:10 - 2016-09-07 17:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-07 12:00 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-07 07:11 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 23:11 - 2015-08-01 18:49 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-06 23:11 - 2015-04-10 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-06 19:45 - 2017-03-04 17:41 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-09-06 19:44 - 2017-04-02 16:43 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\Battle.net
2017-09-06 19:44 - 2017-04-02 16:26 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-06 13:00 - 2017-04-02 15:12 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 09:10 - 2016-09-07 18:06 - 000000000 ____D C:\Users\TBbbbb
2017-09-06 03:54 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 02:20 - 2015-03-24 18:25 - 000000000 ____D C:\World of Warcraft
2017-09-05 23:22 - 2015-08-01 19:23 - 001500322 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-05 23:17 - 2016-09-07 18:01 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-05 23:17 - 2015-03-23 19:15 - 000000000 __SHD C:\Users\TBbbbb\IntelGraphicsProfiles
2017-09-05 23:16 - 2016-12-22 18:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-05 23:16 - 2016-09-07 18:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-05 23:16 - 2015-03-23 19:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-05 23:15 - 2016-07-16 07:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-05 23:15 - 2015-03-24 17:07 - 000000000 ___RD C:\Users\TBbbbb\OneDrive
2017-09-04 17:52 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\rescache
2017-09-03 21:06 - 2015-04-20 10:49 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\RStudio-Desktop
2017-09-03 21:05 - 2015-04-21 15:24 - 000000000 ____D C:\Users\TBbbbb\chemaxon
2017-09-03 16:38 - 2016-12-23 15:23 - 000000000 ____D C:\Users\TBbbbb\AppData\LocalLow\Mozilla
2017-09-03 13:51 - 2017-07-27 19:02 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1271374752-3483292897-266657564-1001
2017-09-03 13:51 - 2015-08-01 20:12 - 000002404 _____ C:\Users\TBbbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-02 23:04 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-02 01:22 - 2017-07-28 19:19 - 000000000 ____D C:\Program Files\rempl
2017-09-02 01:12 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-02 01:10 - 2015-03-24 16:52 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-01 23:54 - 2017-04-02 19:25 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-01 23:19 - 2016-11-20 22:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-01 23:19 - 2016-01-02 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-09-01 23:18 - 2015-04-10 19:01 - 000000000 ____D C:\Users\TBbbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-01 22:24 - 2015-01-20 05:34 - 000000000 ____D C:\Program Files\Dell
2017-08-31 18:31 - 2015-05-02 18:39 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\ElevatedDiagnostics
2017-08-30 00:22 - 2015-11-16 12:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 23:07 - 2015-04-10 12:50 - 000176856 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-08-29 23:07 - 2015-04-10 12:50 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-08-29 17:16 - 2016-11-17 12:15 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 22:29 - 2015-08-14 13:15 - 000000000 ____D C:\Users\TBbbbb\Documents\Heroes of the Storm
2017-08-23 21:04 - 2015-01-20 05:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-21 20:46 - 2015-09-27 10:35 - 000000000 ____D C:\Users\TBbbbb\Documents\BloodBowl2
2017-08-12 18:38 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-12 15:04 - 2015-03-24 18:21 - 000000000 ____D C:\Users\TBbbbb\AppData\Local\Blizzard Entertainment
2017-08-12 00:38 - 2015-03-24 17:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-12 00:25 - 2015-03-24 17:38 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-10 19:30 - 2016-09-07 18:25 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-08 21:34 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 21:34 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-08-06 20:42 - 2017-08-06 20:42 - 000001104 ___SH () C:\Users\TBbbbb\AppData\Local\CM23A30.tmp
2017-05-21 21:42 - 2017-05-21 21:42 - 000000218 _____ () C:\Users\TBbbbb\AppData\Local\recently-used.xbel
2015-04-07 14:39 - 2015-04-07 14:39 - 000007608 _____ () C:\Users\TBbbbb\AppData\Local\Resmon.ResmonCfg
2016-09-07 18:02 - 2016-09-07 18:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-09-07 18:45 - 2016-09-07 18:45 - 000000000 ____D () C:\Users\TBbbbb\AppData\Local\Temp\avgnt.exe
2017-09-06 13:03 - 2016-09-15 18:27 - 001883784 _____ (Microsoft Corporation) C:\Users\TBbbbb\AppData\Local\Temp\dllnt_dump.dll
2017-05-26 23:20 - 2017-05-26 23:20 - 002875848 _____ () C:\Users\TBbbbb\AppData\Local\Temp\TomTomSportsConnectInstallerPatch-3.2.7.exe
2017-06-13 18:10 - 2017-06-13 18:10 - 002884144 _____ () C:\Users\TBbbbb\AppData\Local\Temp\TomTomSportsConnectInstallerPatch-3.2.8.exe
2017-07-09 19:42 - 2017-07-09 19:42 - 002785360 _____ () C:\Users\TBbbbb\AppData\Local\Temp\TomTomSportsConnectInstallerPatch-3.2.9.exe
2017-08-06 20:40 - 2017-08-06 20:40 - 003480916 _____ (Dropbox, Inc.) C:\Users\TBbbbb\AppData\Local\Temp\{40A7AD2D-AA14-4B08-8625-E417F6A25126}-DropboxClient_31.4.25.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-30 22:05

==================== End of FRST.txt ============================

 

And now Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by TBbbbb (07-09-2017 17:22:33)
Running from C:\Users\TBbbbb\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-07 17:39:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1271374752-3483292897-266657564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1271374752-3483292897-266657564-503 - Limited - Disabled)
Guest (S-1-5-21-1271374752-3483292897-266657564-501 - Limited - Disabled)
TBbbbb (S-1-5-21-1271374752-3483292897-266657564-1001 - Administrator - Enabled) => C:\Users\TBbbbb

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AirVPN (HKLM-x32\...\AirVPN) (Version:  - AirVPN - hxxps://airvpn.org)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{BAFFDF47-1C81-7AEB-9528-FDD518AADF21}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{4771539a-931b-4378-8d4a-721ba62effca}) (Version: 1.2.95.14694 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C22F76F2-AC9E-44BA-B297-71485F94022F}) (Version: 1.2.95.14694 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.30.29 - Avira Operations GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
ChemAxon Marvin Beans 15.4.13.0 (HKLM-x32\...\ChemAxon Marvin Beans 15.4.13.0) (Version:  - ChemAxon)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Discord (HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\Discord) (Version: 0.0.286 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.8.1 - Seiko Epson Corporation)
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
IP Camera Search Tool 1.0 (HKLM-x32\...\IP Camera Search Tool) (Version: 1.0 - IPCamera)
JChem .NET API 15.4.1300.98 (HKLM-x32\...\{7FF56F35-BE83-4AE4-94AC-2D3EA9CF6CBE}) (Version: 15.4.1300 - ChemAxon)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.4616.61 - Waves Audio Ltd.) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Music Manager (HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\MusicManager) (Version:  - Google, Inc.)
NIST 11 MS Library and AMDIS v.2.70 (HKLM-x32\...\{23B37933-A331-4876-9687-71F0E6693BCD}) (Version: 2.1.2.19 - National Institute of Standards and Technology)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
PX Profile Update (HKLM-x32\...\{238FC8B8-0732-95F4-BC8A-2EEC0E73C7CC}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{79DB4FB1-2556-27C8-C606-1A0DD3E315B9}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.014 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.15.201510291138 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.289 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Thermo Foundation 2.1 (HKLM-x32\...\{69B6DACA-5E1F-487E-AD12-1CAFAAAD37FC}) (Version: 2.1.29 - Thermo Fisher Scientific Inc.) Hidden
Thermo Foundation 2.1 (HKLM-x32\...\{DA6B3436-6659-42E0-8D51-FA46ADB500AD}) (Version: 2.1.29 - Thermo Fisher Scientific Inc.)
Thermo Xcalibur (HKLM-x32\...\{31B6E4B9-3009-4C52-8667-B8F094333F1F}) (Version: 2.3.0.26 - Thermo Fisher Scientific Inc.) Hidden
Thermo Xcalibur (HKLM-x32\...\{E6C3F26E-2775-4785-B6CA-F8E24466804E}) (Version: 2.3.0.26 - Thermo Fisher Scientific Inc.)
TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
True Color (HKLM\...\{15D51933-EB91-42AF-99D8-F75DCFBA0C87}) (Version: 5.0.0.6 - Entertainment Experience LLC) Hidden
True Color (HKLM-x32\...\{d3c1120e-12a0-45ac-ad51-e255f518ce24}) (Version: 5.0.0.6 - Entertainment Experience)
Umetrics SIMCA 14 (HKLM\...\{2F91B3D2-81ED-49BF-8F19-2855D33D8D4F}) (Version: 14.0.0.1359 - Umetrics AB)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
W9N11 - MSSearch (HKLM-x32\...\{1A4FA553-4947-4FD8-9F7A-0E9A3B231542}) (Version: 1.00.0000 - John Wiley and Sons, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1271374752-3483292897-266657564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TBbbbb\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-08-29] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-08-29] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BCD18A-14BE-4B36-9B24-2AF9F34BD9DA} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {08144AF3-2089-4344-A33F-67F14FDD53DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {09661080-F768-42F3-BC0E-FA65DE242DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C9FF651-A9F3-4178-9336-366A39713B24} - \WPD\SqmUpload_S-1-5-21-1271374752-3483292897-266657564-1001 -> No File <==== ATTENTION
Task: {1977FFD7-0011-45A7-BC5A-2DF17AC7FF4B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {1B4B1670-14A4-47B5-9432-74D31B210699} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {25438FD7-8185-4FA3-B03B-14612DC45AAB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {281FBDFB-98D2-4A9D-87E7-4E3D844C48A6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {2B559E46-E6BE-4EFF-85DC-716CDB796626} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2CABB607-C6C3-413A-825E-4B708538A458} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {3050C6B8-8249-481D-8EC2-6756ED5DCD20} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3495E5CE-BDCA-457F-8E74-E8A80D4FBFEF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {372B72DC-AE9C-4FA1-887B-18974E64B3E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-17] (Google Inc.)
Task: {3928213D-2EF3-4F7F-A7A5-4B562D006496} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-02] (Microsoft Corporation)
Task: {3FAC0432-6993-4604-8FCA-7EBAB4E67320} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001UA1d25d2e9a373d81 => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {473133FA-4558-489E-8E10-186E1B3E2FEA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {4BCBFE1B-1421-4893-A791-6B4EE48959D6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {56026076-65B8-4B69-806E-29A5553109D3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {56E01510-8480-4A88-AB0E-13F09248A5C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {672CEFB3-CEE4-4099-B35E-8DA265FCF800} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B8264CB-87A7-491F-8C5D-2069E53330B6} - System32\Tasks\{2AC5C74F-3467-4729-8491-B0663BC8B369} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enGB --uid=battle.net --displayname="Battle.net"
Task: {75C16100-8A7B-4E63-B960-C2F2A0BD131F} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-08-17] (Microsoft Corporation)
Task: {76C1E596-F0CC-46CB-A222-52A7A4BF99AC} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {7BE379F0-C5B9-48BE-8F91-F2ABC61292BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8E3F9B3C-8EE2-4973-BA47-D772709D78E8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {8F349E81-5AEC-479E-8518-64E0BF7B1677} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {9310064F-9D14-4767-B3A4-8256EE35F73F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-17] (Google Inc.)
Task: {9E49F7B1-F659-4114-A83C-67AEB9FBBA07} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9E840ACF-4A6D-4A23-9395-9951B73E7CBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001UA => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {A3FFE2E9-83F6-4D9A-9D16-5728C2216B2E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-17] (Realtek Semiconductor)
Task: {B82BEF1D-5DF1-4E48-8010-98905CD9BD45} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001Core1d25d2e9a1d8bd0 => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {C369065F-FA7E-463B-966F-A3101A6FB874} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {C3CA8ADB-92A7-4B1A-94EF-32199EC548C5} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\TBbbbb\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {C67AD58B-7009-4668-BA8E-B2CA4672341E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C8454781-5686-46FC-9AB1-644CE7D0304C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-02] (Microsoft Corporation)
Task: {CEE1F49A-BC2D-4E33-82D9-54236CAFCBFB} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-08-17] (Microsoft Corporation)
Task: {D32CB910-58D2-42DD-B352-E603BC410A1D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-02] (Microsoft Corporation)
Task: {DBF57814-5654-4CB1-94AF-71EE36EA2DF9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {E4B3AB74-02EF-4FB5-99F6-6430E6D82124} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA70AF7E-230C-43F5-B595-623686E1DE50} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {EA97E2B6-AD9D-4E2C-A1DF-DA30D3E47E93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001Core => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {FE0AF501-0730-4946-8FD4-630B06B494BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001Core.job => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1271374752-3483292897-266657564-1001UA.job => C:\Users\TBbbbb\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation ServicesWORKGROUP WORK LAPTOP

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\TBbbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-01 13:36 - 2016-09-15 18:25 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-04-07 19:06 - 2014-04-07 19:06 - 000466944 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2014-10-17 21:16 - 2014-10-17 21:16 - 000093648 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2016-05-08 20:52 - 2017-01-29 14:55 - 008930504 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-09-13 21:13 - 2016-09-07 05:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-01 13:35 - 2016-09-15 17:39 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-09-02 01:59 - 2017-09-02 02:00 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-02 01:59 - 2017-09-02 02:00 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-02 01:59 - 2017-09-02 02:00 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-02 01:59 - 2017-09-02 02:00 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-10-07 14:10 - 2017-02-24 20:07 - 000410608 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-01 13:36 - 2016-09-15 17:18 - 001401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-03 11:18 - 2017-09-03 11:20 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-06 17:21 - 2017-06-06 17:35 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 17:21 - 2017-06-06 17:34 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-09-03 11:18 - 2017-09-03 11:20 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-23 07:40 - 2017-05-23 07:40 - 003918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-04-02 15:12 - 2017-03-24 04:09 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-10-01 13:36 - 2016-09-15 17:24 - 009760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-01 13:36 - 2016-09-15 17:17 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-01 13:36 - 2016-09-15 17:18 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-01 13:36 - 2016-09-15 17:18 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-01 13:36 - 2016-09-15 17:20 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-29 17:16 - 2017-08-23 09:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 17:16 - 2017-08-23 09:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2014-10-10 18:37 - 2014-10-10 18:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-08-24 13:10 - 2017-08-24 13:10 - 023854576 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 19:10 - 2016-12-23 19:10 - 000323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-07-31 23:31 - 2017-07-31 23:31 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\sharepoint.com -> hxxps://universityofsussex.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1271374752-3483292897-266657564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TBbbbb\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "TrueColor UI"
HKLM\...\StartupApproved\Run32: => "AutoLogoff"
HKLM\...\StartupApproved\Run32: => "ThermoFisher.Foundation.AcqSupportTray"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "TSMApplication"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "TomTom MySports Connect.exe"
HKU\S-1-5-21-1271374752-3483292897-266657564-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{8CCBBA1E-0582-45D0-9F12-CC23BC593CBC}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm.exe
FirewallRules: [TCP Query User{D74C948A-8580-4E0D-A5D1-BE277B243F9B}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm.exe
FirewallRules: [UDP Query User{42653FF4-D6A7-4797-9D71-8B9E1F9EDEF0}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm.exe
FirewallRules: [TCP Query User{1F753129-0B58-4434-A6B0-B08E7E7ACF62}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm.exe
FirewallRules: [{529561FB-6F8C-424D-B868-5D9BCB28DF9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{BFA6EEF9-8BCC-4ED3-BF4A-FD8DA0F7456C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [UDP Query User{A71D3560-BA93-44AE-82C9-C0D6CAC1124C}C:\program files (x86)\heroes of the storm public test\versions\base42742\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base42742\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E74B791E-C07D-4748-AE62-610BC241B132}C:\program files (x86)\heroes of the storm public test\versions\base42742\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base42742\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ACB88D62-7A02-411C-85D5-6846E3F0C906}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{DB490422-7DDD-42D9-A2CA-5538A21A8401}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{8391FF68-5DBD-4D8F-B81D-9DFEA83B2467}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm.exe
FirewallRules: [TCP Query User{FA25CFA2-7AA0-4C3C-9304-07505AA22C37}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm.exe
FirewallRules: [UDP Query User{8C6A7AD0-648B-4819-ACE3-875180F844AF}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm.exe
FirewallRules: [TCP Query User{C0EC12DA-9A75-47D3-B73E-27D1998C7DE9}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm.exe
FirewallRules: [UDP Query User{62F045BB-D964-44A8-A691-B451E7FADCAF}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{E8C747F9-9AAD-467B-AB8F-A86C0481072A}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{3CC4C0D4-A8B7-4E70-81F3-CF4068379083}C:\users\TBbbbb\appdata\roaming\ipcamera\searchtool4.exe] => (Allow) C:\users\TBbbbb\appdata\roaming\ipcamera\searchtool4.exe
FirewallRules: [TCP Query User{178EE5C1-726E-4DFE-815E-27E5D00C9E65}C:\users\TBbbbb\appdata\roaming\ipcamera\searchtool4.exe] => (Allow) C:\users\TBbbbb\appdata\roaming\ipcamera\searchtool4.exe
FirewallRules: [UDP Query User{6B035B9C-F5A1-4FAA-9207-90806455FFF3}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{63FF2107-3650-4BAE-9EA0-146BBB1376C8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{7D17DF8D-6D3F-4EFD-B007-97B106D32286}C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm.exe
FirewallRules: [TCP Query User{4F4660DB-14FC-49B8-9BA5-B9F861783CDB}C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm.exe
FirewallRules: [UDP Query User{66E15540-C59B-4583-A14E-40C80118F765}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm.exe
FirewallRules: [TCP Query User{B6145E4A-ED96-4AC9-9E03-530EDC159F89}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm.exe
FirewallRules: [UDP Query User{6BB95642-B3B3-4DCC-B4D7-5DE0B1F3B7BF}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm.exe
FirewallRules: [TCP Query User{579E6E57-DCA8-4643-A34D-087D911C4CD9}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm.exe
FirewallRules: [UDP Query User{1C04C217-F5F1-443D-BF07-DB2E2E3D2BF7}C:\program files (x86)\heroes of the storm public test\versions\base41609\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base41609\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AEC31044-916A-4D42-8D74-B453CD975223}C:\program files (x86)\heroes of the storm public test\versions\base41609\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base41609\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{362A8343-CCDF-4C2E-BAB6-0714F6D78456}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{8B028173-87DB-411C-A3FC-6910AFD865C3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{460EED79-DF87-4344-941B-816F73271D3B}] => (Block) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe
FirewallRules: [{A890EB57-B28F-46FF-BEC1-7E5EA5C2BDCD}] => (Block) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe
FirewallRules: [UDP Query User{6685D00E-AA69-4888-8C98-2460C1AA7096}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe
FirewallRules: [TCP Query User{94763AE0-93C4-4A00-A17B-D43222DEB196}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm.exe
FirewallRules: [UDP Query User{21C21C42-9481-47AB-9014-A0BC22DDA3B2}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{6BB36EAC-982C-4294-8EFA-67A709C343FC}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [{1834AE38-D926-4BF1-B7EA-9FAD48DDFE08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AB16DD4-69F8-467A-843F-98BD68E0D6E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{911BACD5-96AF-4BDE-8EA7-7B84FFA5DC15}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{672B25F0-2C9B-45C5-AA07-4F63E1F721BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1619945F-A8B0-4C26-8346-9B03B9841A5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85DC060A-D271-44B9-A807-E274090A4968}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78FFA33B-8B0F-49F3-AA1B-C93E3F5D8792}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{491B97A8-A33A-4297-8497-64B41351A58E}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A8D2FD64-D36E-4ADB-AC75-352B693283AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{328521BC-74DE-4801-95A6-D357B202094D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4E661172-56DF-465A-B071-75A2C3249D72}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{E55921B4-7F6A-46F2-98BD-67A504F33A49}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{637DF889-ADA5-4A85-9311-029D6C623AEC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1347E91F-9137-4E9D-AD6D-A7DC5EBF960B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{029549F3-C208-4711-ACB3-9F9367D9AB12}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3047300E-761F-448F-A3BA-B45F5817FBA8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{ECC28340-DB11-4A98-9C82-8CAF3C9081B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{77DCE6B0-81D5-401F-A0E0-A32CE1DAACC4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9FA7888D-C31E-44AA-8DCB-F6C257FC9C7B}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{DFF2DE86-6721-47CD-BF81-99AD677AABF1}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{0DDED20B-B20C-41DE-B8AE-6769E0BA1F87}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{365AE724-4A82-4D2E-9DBE-962FE27DF24F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{AFA317C5-639D-4971-AED2-3F249F141278}C:\users\TBbbbb\downloads\ij150-win-jre6\imagej\imagej.exe] => (Allow) C:\users\TBbbbb\downloads\ij150-win-jre6\imagej\imagej.exe
FirewallRules: [UDP Query User{3393A2A0-F200-459B-940A-6328028616A4}C:\users\TBbbbb\downloads\ij150-win-jre6\imagej\imagej.exe] => (Allow) C:\users\TBbbbb\downloads\ij150-win-jre6\imagej\imagej.exe
FirewallRules: [TCP Query User{7276D2F2-A2F2-491E-A4C0-39A845A39FB9}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{5979B749-09A9-42D2-B3A5-44414C5ED334}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{3711632A-C12D-4567-9287-557F3A40FD6F}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A96E39D0-B232-44A8-8DA0-DFF6739D984D}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{60756C5E-CB44-436D-9FE5-99F51F7CB29B}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{20F925F3-4EA0-4CDB-9578-5B7FA43F7416}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F3646F23-31F9-4741-B67D-B94408F83322}C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E9C65670-C0D1-4C13-8A14-CC109E4AB3B0}C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A81F7054-5D27-4039-AB02-83CAFADF86D9}C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{33EA6C15-6505-406A-B51B-C67CE9036592}C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9BA53EA1-70ED-40FD-BA25-918D7682EC58}C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EFF93538-EB70-416D-A96A-5CBAC2E95B6C}C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{B8754BB1-BF59-4E1E-9BA0-282D91695234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
FirewallRules: [{FFD628C8-96EE-4507-87AD-CADCE1A67672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
FirewallRules: [TCP Query User{FFA8055F-CAD0-42E1-AFB0-34200DBAFE94}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{820B3417-353D-48F9-BF54-1E5D85324B1F}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A0BF1C50-6AE5-4823-AC0C-240FBEDB60B2}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BC6875C7-3FAC-40A6-8560-E1907EE33306}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F48972B0-66BC-464E-A170-85F1CE8F5941}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{05C4D90E-F4C9-45BA-9142-392E938020A0}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{27D336FE-224A-46A9-A1C3-334B6721E062}C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe
FirewallRules: [UDP Query User{8FB6C628-EF11-4761-9378-9952ADED2A01}C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8657\battle.net.exe
FirewallRules: [TCP Query User{2E42F779-D07E-4180-A10C-60D3A3691762}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A230C11A-72BA-4DE2-B715-3479C5FC4B5D}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9F9C6FA7-2BDB-4D25-90A0-777E0EF6AB05}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EE531734-F024-4715-935F-CF7F25741B21}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5539C265-37CC-4A77-90D2-B2206E42C5E1}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EC77B64F-94FC-4005-A3A7-D0C9F6231E46}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8F24384B-0494-47A4-8619-12A604EFF3C0}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FE7BBE17-B872-42F9-8026-3CF9F8A2E445}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{86688C12-C095-42E2-9F99-1E7B88D92837}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E62966BD-8E19-4285-9BE6-DCBB3FEBB08E}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{5DD987E4-2A97-4B60-B1E0-D47498C21ABE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9B424754-C173-425E-9DE6-7E52702010C4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E792FFDD-9D24-4539-A5BB-A91EA24B9F40}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{826B2050-187D-4C97-903E-B297B6F15947}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B897B2E5-18C6-46A1-BEB8-09470CBD03B2}C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{456108E8-4373-42C4-8655-D9D251630A2F}C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2B794B33-E3B2-477D-B59B-B7FA5AE8B103}C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{331F8A10-0465-4709-B8C6-FA72BC2A3F99}C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{04EE37F7-EBD3-4EDC-851D-89F4F442A996}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A6509684-F813-47A6-BB70-19D2D04FDC1D}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [{7167B59B-815E-4A5A-AC91-AA8E8BC172DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE05FC5C-02CC-4E77-9F80-D019C265772E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{36018A0F-AD47-4142-910D-641D47868D38}C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{45578C72-0B99-4E7F-9714-132332488D99}C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [{1343D4C0-2514-484F-93B3-4D2BB7D43367}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{93D6009D-CE2B-4F7A-9C1B-6901DD92D6C8}C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{352B54FF-D58D-4A44-B71E-77440D0680D7}C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{A23FF030-FA7D-4001-9157-D939CB74DC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{17209520-CE33-479A-B9BC-A5912DB4BE7A}C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0215055A-EB29-4DC6-86C8-96B938A5FBDE}C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe

==================== Restore Points =========================

05-09-2017 23:48:21 Scheduled Checkpoint
06-09-2017 13:07:10 Pre-MalwareBytes Help

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter_12
Description: Microsoft Virtual WiFi Miniport Adapter_12
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Integrated Webcam
Description: Integrated Webcam
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2017 05:21:32 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1360) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 26890240 (0x00000000019a5000) (database page 6564 (0x19A4)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [6144207375726956] and the computed checksum was [562e29d15589761a].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/07/2017 05:21:19 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1360) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 26886144 (0x00000000019a4000) (database page 6563 (0x19A3)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [6144207375726956] and the computed checksum was [562e29d15589761d].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/07/2017 02:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6745.47, time stamp: 0x5672485c
Faulting module name: Matrix.dll, version: 6.0.6745.47, time stamp: 0x56723fc0
Exception code: 0xc0000005
Fault offset: 0x00000000000a6c72
Faulting process id: 0x2658
Faulting application start time: 0x01d327dba8d496c2
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\Program Files\Dell\SupportAssist\Matrix.dll
Report Id: 5d4e8833-69a8-4458-bd39-b4a911b6e3a2
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/07/2017 02:17:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000051C56C72

Error: (09/07/2017 07:48:02 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1360) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 26890240 (0x00000000019a5000) (database page 6564 (0x19A4)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [6144207375726956] and the computed checksum was [562e29d15589761a].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/06/2017 06:36:45 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1360) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 26890240 (0x00000000019a5000) (database page 6564 (0x19A4)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [6144207375726956] and the computed checksum was [562e29d15589761a].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/06/2017 04:56:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\wcncsvc.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\wcncsvc.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000242
Disk type: 3

Error: (09/06/2017 04:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wcncsvc, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: wcncsvc.dll, version: 10.0.14393.0, time stamp: 0x5789996b
Exception code: 0xc0000006
Fault offset: 0x000000000002a480
Faulting process id: 0x2d58
Faulting application start time: 0x01d32728b5cb1af8
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\wcncsvc.dll
Report Id: 8edfa665-8d73-4e1c-abb9-e559fea09609
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/06/2017 02:21:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6745.47, time stamp: 0x5672485c
Faulting module name: Matrix.dll, version: 6.0.6745.47, time stamp: 0x56723fc0
Exception code: 0xc0000005
Fault offset: 0x00000000000a6c72
Faulting process id: 0x28a0
Faulting application start time: 0x01d327130d83f0bb
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\Program Files\Dell\SupportAssist\Matrix.dll
Report Id: 63ffe4d1-67a2-48df-ba21-d5793bb82494
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/06/2017 02:21:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000051C56C72

System errors:
=============
Error: (09/07/2017 05:21:11 PM) (Source: DCOM) (EventID: 10010) (User: WORK-LAPTOP)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.

Error: (09/07/2017 05:12:45 PM) (Source: DCOM) (EventID: 10010) (User: WORK-LAPTOP)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.

Error: (09/07/2017 07:06:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2017 10:36:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2017 10:25:22 PM) (Source: DCOM) (EventID: 10010) (User: WORK-LAPTOP)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.

Error: (09/06/2017 07:39:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2017 05:53:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2017 05:18:52 PM) (Source: DCOM) (EventID: 10010) (User: WORK-LAPTOP)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.

Error: (09/06/2017 04:56:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Connect Now - Config Registrar service terminated unexpectedly.  It has done this 20 time(s).

Error: (09/06/2017 04:56:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SSDP Discovery service terminated unexpectedly.  It has done this 16 time(s).

CodeIntegrity:
===================================
  Date: 2017-03-17 20:21:54.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-17 20:21:54.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-17 20:21:54.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-17 20:21:54.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-17 20:21:51.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 19:47:23.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 8106.27 MB
Available physical RAM: 3214.51 MB
Total Virtual: 13106.27 MB
Available Virtual: 8167.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.87 GB) (Free:438.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6B3E87DF)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thanks again for your help so far.

[kevinf80]

Hiya TBbbbb,

There does not seem to be any obvious malware in your logs, there are however several errors codes indicating possible hard drive failure... Can you run a check on your HD see if it will pass?

Go here: https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics.html and download the ISO, that will need to be burnt to a CD to test your HDD. The full instructions are also at that link, IMGBurn is suggested to be used to burn the CD, be aware it may come bundled with unwanted extras. I recommend you get the free version of BurnAware from the following link: http://www.burnaware.com/download.html Follow the instructions to run that tool here: http://knowledge.seagate.com/articles/en_US/FAQ/201271en#GUI Post back the findings, Thank you, Kevin

 

[TBbbbb]

Thanks Kevin,

 

Good to know there's not malware, seems odd to have hard drive failure given that the computer boots OK.

That step will be tricky as I don't have a CD drive. Are there any alternative options? If necessary I can purchase an external one.

 

Thanks.

[kevinf80]

It may not definitely be the HD, the error codes are not specific. They just highlight possibilities.... I would rather rule the HD out first rather than risk it dying and lossing everything,,

Lets run CHKDSK first see if maybe there are damaged blocks......

Select the Windows key and X Key together. From the produced list select:: Command Promt (Admin) Accept UAC alert... At the Command prompt, type CHKDSK C: /R hit the Enter key. You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot. The CHKDSK may take a few hours depending on the size of the drive, so be patient! After the CHKDSK has run use the following instructions to find the log: Check Disk report:   Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK. In the left panel, expand Windows Logs and then click on Application. Now, on the right side, click on Filter Current Log. Under Event Sources, (expand the drop down arrow) check only Wininit and click OK. You mayl be presented with one or multiple Wininit logs. Click on an entry corresponding to the date and time of the disk check. On the top main menu, click Action > Copy > Copy Details as Text. Paste the contents into your next reply. Thanks, Kevin

 

[TBbbbb]

Thanks Kevin, rebooting now to start the check disk.

[kevinf80]

Ok....

[TBbbbb]

Here's the log:

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          08/09/17 02:06:11
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Work-Laptop
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  555776 file records processed.                                                        
File verification completed.
  24424 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
  699374 index entries processed.                                                      
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered to lost and found.                    

Stage 3: Examining security descriptors ...
Cleaning up 7214 unused index entries from index $SII of file 0x9.
Cleaning up 7214 unused index entries from index $SDH of file 0x9.
Cleaning up 7214 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  71800 data files processed.                                          
CHKDSK is verifying Usn Journal...
  35349544 USN bytes processed.                                                          
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  555760 files processed.                                                              
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  115074437 free clusters processed.                                                      
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

 966653951 KB total disk space.
 505411356 KB in 388871 files.
    249004 KB in 71803 indexes.
         0 KB in bad sectors.
    695843 KB in use by the system.
     65536 KB occupied by the log file.
 460297748 KB available on disk.

      4096 bytes in each allocation unit.
 241663487 total allocation units on disk.
 115074437 allocation units available on disk.

Internal Info:
00 7b 08 00 21 05 07 00 cf fd 0c 00 00 00 00 00  .{..!...........
a3 0d 00 00 9c 9c 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-09-08T01:06:11.597149000Z" />
    <EventRecordID>628286</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Work-Laptop</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  555776 file records processed.                                                        
File verification completed.
  24424 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
  699374 index entries processed.                                                      
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered to lost and found.                    

Stage 3: Examining security descriptors ...
Cleaning up 7214 unused index entries from index $SII of file 0x9.
Cleaning up 7214 unused index entries from index $SDH of file 0x9.
Cleaning up 7214 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  71800 data files processed.                                          
CHKDSK is verifying Usn Journal...
  35349544 USN bytes processed.                                                          
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  555760 files processed.                                                              
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  115074437 free clusters processed.                                                      
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

 966653951 KB total disk space.
 505411356 KB in 388871 files.
    249004 KB in 71803 indexes.
         0 KB in bad sectors.
    695843 KB in use by the system.
     65536 KB occupied by the log file.
 460297748 KB available on disk.

      4096 bytes in each allocation unit.
 241663487 total allocation units on disk.
 115074437 allocation units available on disk.

Internal Info:
00 7b 08 00 21 05 07 00 cf fd 0c 00 00 00 00 00  .{..!...........
a3 0d 00 00 9c 9c 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

[kevinf80]

Thanks for that log, continue with the following:

Select the Windows key and X Key together. From the produced list select:: Command Promt (Admin) At the Command prompt, type SFC /SCANNOW hit the Enter key Wait for the scan to finish - make a note of any error messages - and then reboot. Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.   Thanks, Kevin

[TBbbbb]

Unfortunately that won't run, I receive the following message:

'Another servicing or repair operation is currently running. Wait for this to finish and run sfc again'

I tried rebooting then running again, and receive the same message.

Thanks.

[kevinf80]

Select > Start > type cmd into the search box, from the list right click on cmd and select "Run as Administrator"

At the prompt type or copy paste tasklist > "C:\processes.txt"> 0 & notepad 0 select "enter"

The list of running processes will be saved to the root of C:\ Copy and paste that to your reply...

 

[TBbbbb]

Thanks for the reply Kevin, although SFC /SCANNOW is running now. I think something called Windows Module Installer was preventing it from running.

[TBbbbb]

New error this time around, the scan stops at 23% verification. Error message:

'Windows Resource Protection could not perform the requested operation'

 

Thanks.

 

[kevinf80]

Can you run the command I instructed and post the running process list,

[TBbbbb]

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          4 K
System                           4 Services                   0      4,692 K
smss.exe                       380 Services                   0        996 K
csrss.exe                      580 Services                   0      4,396 K
wininit.exe                    704 Services                   0      4,780 K
csrss.exe                      712 Console                    1      9,168 K
winlogon.exe                   788 Console                    1     16,164 K
services.exe                   840 Services                   0      7,580 K
lsass.exe                      856 Services                   0     14,876 K
svchost.exe                    948 Services                   0     23,260 K
svchost.exe                   1004 Services                   0     10,752 K
dwm.exe                        700 Console                    1     52,728 K
svchost.exe                    972 Services                   0     53,452 K
svchost.exe                   1036 Services                   0    127,308 K
svchost.exe                   1064 Services                   0     24,424 K
svchost.exe                   1128 Services                   0     25,064 K
atiesrxx.exe                  1260 Services                   0      5,076 K
igfxCUIService.exe            1292 Services                   0      8,420 K
atieclxx.exe                  1380 Console                    1      9,112 K
svchost.exe                   1428 Services                   0     18,396 K
svchost.exe                   1548 Services                   0      9,512 K
RtkAudioService64.exe         1584 Services                   0      6,744 K
svchost.exe                   1720 Services                   0     12,972 K
svchost.exe                   1728 Services                   0     25,168 K
RAVBg64.exe                   1796 Console                    1     11,056 K
RAVBg64.exe                   1808 Console                    1     10,396 K
svchost.exe                   1940 Services                   0     15,216 K
spoolsv.exe                   1888 Services                   0     12,256 K
sched.exe                     2120 Services                   0      2,844 K
armsvc.exe                    2556 Services                   0      5,988 K
Avira.ServiceHost.exe         2564 Services                   0      9,436 K
avguard.exe                   2576 Services                   0     42,136 K
OfficeClickToRun.exe          2668 Services                   0     51,756 K
DbxSvc.exe                    2708 Services                   0      5,516 K
finSS_Server.exe              2720 Services                   0      5,280 K
CFRDBService.exe              2732 Services                   0     15,824 K
ThermoFisher.Foundation.A     2740 Services                   0     11,328 K
FinAutoLogOff.exe             2744 Services                   0     12,844 K
svchost.exe                   2764 Services                   0     23,376 K
ibtsiva.exe                   2776 Services                   0      4,944 K
dasHost.exe                   3024 Services                   0     16,320 K
SynTPEnhService.exe           2144 Services                   0      4,664 K
TrueColorALS.exe              2136 Services                   0      8,276 K
svchost.exe                   1960 Services                   0      9,216 K
svchost.exe                   2504 Services                   0     18,120 K
TeamViewer_Service.exe        2520 Services                   0     14,168 K
igfxext.exe                   3152 Services                   0      5,356 K
Memory Compression            3364 Services                   0    115,424 K
Service.exe                   3912 Services                   0     18,984 K
avshadow.exe                  4812 Services                   0      4,908 K
DDVRulesProcessor.exe         2900 Services                   0     11,480 K
WmiPrvSE.exe                  3076 Services                   0     15,604 K
DCCService.exe                 960 Services                   0     29,724 K
DFSSvc.exe                    3336 Services                   0     50,660 K
WmiPrvSE.exe                  4220 Services                   0     42,900 K
DeliveryService.exe           1740 Services                   0     33,124 K
DellUpService.exe             1752 Services                   0     43,100 K
IAStorDataMgrSvc.exe          5800 Services                   0     33,124 K
IntelMeFWService.exe          2248 Services                   0      4,880 K
GoogleCrashHandler.exe        5968 Services                   0         64 K
GoogleCrashHandler64.exe      6024 Services                   0        228 K
jhi_service.exe               5972 Services                   0      5,784 K
LMS.exe                       6088 Services                   0     10,696 K
SupportAssistAgent.exe        5664 Services                   0     69,520 K
SearchIndexer.exe             5828 Services                   0     45,020 K
DDVDataCollector.exe          6056 Services                   0     21,564 K
DDVCollectorSvcApi.exe        5856 Services                   0      6,468 K
sihost.exe                    5640 Console                    1     22,232 K
SynTPEnh.exe                  2408 Console                    1     15,412 K
svchost.exe                   5948 Console                    1     34,588 K
PresentationFontCache.exe     5944 Services                   0     16,292 K
taskhostw.exe                 5960 Console                    1     21,156 K
RuntimeBroker.exe             5956 Console                    1     69,684 K
explorer.exe                  6664 Console                    1    133,348 K
SynTPHelper.exe               6728 Console                    1      4,856 K
DFS.Common.Agent.exe          6848 Console                    1     21,432 K
conhost.exe                   6856 Console                    1      6,496 K
ShellExperienceHost.exe       7120 Console                    1     65,100 K
igfxEM.exe                    5672 Console                    1     12,216 K
DellUpTray.exe                5860 Console                    1     50,244 K
igfxHK.exe                    6176 Console                    1      8,976 K
igfxTray.exe                  6240 Console                    1     11,120 K
SearchUI.exe                  6840 Console                    1    158,240 K
SkypeHost.exe                 7456 Console                    1     10,360 K
SettingSyncHost.exe           7812 Console                    1      5,228 K
TiltWheelMouse.exe            8872 Console                    1      7,932 K
RtkNGUI64.exe                 8896 Console                    1     13,996 K
RAVBg64.exe                   8904 Console                    1     14,856 K
quickset.exe                  8992 Console                    1     18,736 K
avgnt.exe                     9136 Console                    1      4,028 K
MOM.exe                       8696 Console                    1      6,108 K
CCC.exe                       8864 Console                    1     25,524 K
RAVBg64.exe                   9332 Console                    1      1,460 K
WmiPrvSE.exe                 10196 Services                   0     14,000 K
Avira.Systray.exe             4040 Console                    1      7,532 K
atiw.exe                      6876 Console                    1     10,544 K
IAStorIcon.exe                8052 Console                    1     31,464 K
RemindersServer.exe           5240 Console                    1      4,924 K
fontdrvhost.exe              10924 Console                    1      3,352 K
audiodg.exe                   2076 Services                   0     20,024 K
WmiPrvSE.exe                   916 Services                   0     12,012 K
dllhost.exe                  11960 Console                    1     10,464 K
ApplicationFrameHost.exe      3144 Console                    1     22,260 K
Microsoft.Photos.exe          8728 Console                    1     71,032 K
WmiApSrv.exe                  6036 Services                   0      7,848 K
svchost.exe                   8096 Services                   0      5,636 K
smartscreen.exe               9072 Console                    1     14,812 K
chrome.exe                    7152 Console                    1    111,264 K
chrome.exe                   10028 Console                    1      9,068 K
chrome.exe                   11964 Console                    1      9,784 K
chrome.exe                    7988 Console                    1    165,212 K
chrome.exe                    8660 Console                    1     56,996 K
chrome.exe                   11204 Console                    1     39,760 K
chrome.exe                   11492 Console                    1     45,080 K
backgroundTaskHost.exe         956 Console                    1     22,368 K
chrome.exe                   10620 Console                    1    105,388 K
chrome.exe                    6560 Console                    1    158,988 K
dllhost.exe                    324 Console                    1      6,200 K
dllhost.exe                   5080 Services                   0      5,752 K
cmd.exe                      11660 Console                    1      3,016 K
conhost.exe                   9256 Console                    1     11,352 K
tasklist.exe                 11372 Console                    1      7,944 K
 

[kevinf80]

Thanks for that log, I do not see anything to concern us. I want you to set up your system for "Clean Boot" that is all non system services disabled, after reboot try sfc /scannow again..

Full instructions for clean boot are here: https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

When you`ve rebooted in that mode run sfc again...

Select the Windows key and X Key together. From the produced list select::

Command Promt (Admin)

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

Thank you,

Kevin

 

[TBbbbb]

Sorry to say that I'm getting the same error after a clean reboot. Although I have noticed that a few items re-select themselves in the 'system' window  in system configuration after choosing to disable them. They're all related to Avira Antivirus:

Avira Mail Protection

Avira Scheduler

Avira Real-Time Protection

Avira Web Protection

[kevinf80]

Can you disable Avira then try sfc /scannow again, also still leave in clean boot mode.

[TBbbbb]

The only way I could stop the services was by uninstalling Avira. Unfortunately I'm still getting the same error when I try to run Scannow.

[kevinf80]

Do you have access to a USB flashdrive (memory stick) if so I want you to run FRST from the recovery environment. We need a log from outside of windows, see if we are missing something.....

Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit... Next, Boot your PC, at the Desktop select the start Flag (bottom lefthand corner of screen) Hold down the "Shift key" of your keyboard, keep it down and select "Restart" Your PC should open to the "Choose an Option" window.... release shift key. From that window select "Troubleshoot" From the next window select "Advance Options" From that Window select "Command Prompt" Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open...... Continue with the following:   In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive. <<<----vey important The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. You will need to boot back to Normal windows to post the log, or if applicable do that action from a spare PC... To boot back to windows, type exit at the prompt and hit enter Please copy and paste or attach FRST log to your reply. Thanks, Kevin...