
PUP.Optional.Legacy Problem



I have the Premium Trial of Malwarebytes and it did not find the PUP.Optional.Legacy infection in my Registry that AdwCleaner found....  I am confused why Malwarebytes did not recognize it?  I'm even more perplexed as to what to do about it... I'm not tech savvy and I don't want to remove a registry file that is needed for my computer to run properly... Legacy (I presume) is causing occasional havoc on my computer and would obviously like for Legacy to be removed before any more damage is done.  I'm GRATEFUL for any help!

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 19:30:19 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-14.3
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1006 B] - [2018/3/15 17:11:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [1074 B] - [2018/3/15 18:4:42]
C:/AdwCleaner/AdwCleaner[S2].txt - [1141 B] - [2018/3/15 20:29:46]
C:/AdwCleaner/AdwCleaner[S3].txt - [1209 B] - [2018/3/16 5:28:52]
C:/AdwCleaner/AdwCleaner[S4].txt - [1276 B] - [2018/3/16 19:23:41]


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########

   

 


Welcome to the Malwarebytes forum,

This registry key is related to simpliclean by simplitec.

Do you currently have this software installed, or did you have it installed in the past?

Edited by MKDB

Thank you for replying, I personally have never installed the software.  Could it have been preinstalled?

My search engine changes quite often. I occasionally get notices when starting Microsoft Edge that claim keylogging my bank account with what I presume is a fake Microsoft number to call - I start the Task Manager to end the browser process when this happens. I don't know if "legacy" is causing this to happen. Also, my computer will turn off several times a day without warning and restart... Malwarebytes Premium hasn't found anything, so I don't know if it's tied to "legacy" or not.


Hi,

Yes, simpliclean could have been preinstalled.

This registry key is only an orphan/leftover of simpliclean, so it is not responsible for those other problems (search engines, Edge, etc.) you have described.

You can remove this key with AdwCleaner; it will not hurt your machine.

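The replies above describe the flagged CLSID key as an orphan left behind by simpliclean. As an added example that is not part of the original thread, this read-only PowerShell check shows one way to confirm that a COM class key no longer points at a file on disk before removing it. The function names `Get-ServerFilePath` and `Get-ComServerStatus` are hypothetical, and treating "no server subkey, or a server path whose file is missing" as the sign of a leftover is this example's assumption, not AdwCleaner's detection logic.

```powershell
# Added example (not from the thread). Read-only: nothing is modified or deleted.
# The CLSID is the one reported in the AdwCleaner log above.
$Clsid = '{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}'

# Hypothetical helper: pull the file path out of a COM server command line.
function Get-ServerFilePath {
    param([string]$Command)
    # Quoted path, optionally followed by arguments.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path ending in a known extension, optionally followed by arguments.
    if ($Command -match '^\s*(.+?\.(?:exe|dll|ocx))(?:\s|$)') { return $Matches[1] }
    return $Command.Trim()
}

# Hypothetical helper: report what a CLSID key points to in both registry views.
function Get-ComServerStatus {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Clsid)

    # CLSID registrations have separate 64-bit and 32-bit views on 64-bit Windows.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $hklm.OpenSubKey("SOFTWARE\Classes\CLSID\$Clsid")
            if ($null -eq $key) {
                [pscustomobject]@{ View = $view; Server = $null; Path = $null
                                   Status = 'KeyNotPresent' }
                continue
            }

            $foundServer = $false
            foreach ($name in 'InprocServer32', 'LocalServer32') {
                $sub = $key.OpenSubKey($name)
                if ($null -eq $sub) { continue }
                $foundServer = $true

                # Default value of the subkey; REG_EXPAND_SZ is expanded by GetValue.
                $raw = [string]$sub.GetValue('')
                $sub.Dispose()
                $path = Get-ServerFilePath -Command $raw

                if ([string]::IsNullOrWhiteSpace($path)) {
                    $status = 'EmptyServerValue'
                }
                elseif (-not [System.IO.Path]::IsPathRooted($path)) {
                    # Bare file names are resolved by the loader's search order; not checked here.
                    $status = 'RelativePathNotChecked'
                }
                elseif (Test-Path -LiteralPath $path -PathType Leaf) {
                    $status = 'FilePresent'
                }
                else {
                    # Note: a 32-bit registration naming System32 really lives in SysWOW64.
                    $status = 'FileMissing'
                }

                [pscustomobject]@{ View = $view; Server = $name; Path = $path
                                   Status = $status }
            }

            if (-not $foundServer) {
                # The key exists but registers no in-process or local server at all.
                [pscustomobject]@{ View = $view; Server = $null; Path = $null
                                   Status = 'NoServerSubkey' }
            }
            $key.Dispose()
        }
        finally {
            $hklm.Dispose()
        }
    }
}

Get-ComServerStatus -Clsid $Clsid | Format-Table -AutoSize
```

A `FilePresent` row means the key still refers to an installed component, so it is worth identifying that file before removing anything; `NoServerSubkey` or `FileMissing` rows fit the description of a leftover.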

I appreciate your help.  

I am experiencing all of this:

When infected with PUP.Optional.Legacy the common symptoms include:

  • Advertising banners are injected with the web pages that you are visiting.
  • Random web page text is turned into hyperlinks.
  • Browser popups appear which recommend fake updates or other software.
  • Other unwanted adware programs might get installed without the user’s knowledge.
  • Changing the web browser’s default home page
  • Changing the browser’s search provider and built-in search box

I don't know if there's truth to this, but reading this has me EXTREMELY concerned:

pup.optional.legacy is a dangerous Trojan horse which completely destroys the PC from inside. This notorious computer virus also destroys many important files from the deep folders of the system. This Trojan makes the system unstable by penetrating the core settings of the computer. This virus is designed to completely harm the system and destroy every aspect of the computer. pup.optional.legacy starts to delete and modify crucial system files. These files are very necessary for the system to run properly. The virus also disables many important programs from the system. These programs are the core programs which aid in running other programs on the computer.

pup.optional.legacy carries out numerous illegal operations on the computer. These processes are running in the background, so the user don’t know about them. The processes are very heavy and they consume a lot of CPU resources. They also eat up high memory from the computer system. This results in an awfully slow computer system. pup.optional.legacy brings a whole lot of malicious applications with it. Compromising the security of the computer, this Trojan installs malicious components on the affected computer. It also lowers down the security of the computer by affecting the security settings of the computer. This malicious Trojan also makes it easy for the remote hackers gang to hack into your computer.

pup.optional.legacy creates a backdoor on the computer for remote hackers. These hackers can get inside of your computer without your permission. They will have full control over your computer. These crooks will also be able to access sensitive data that is stored on your computer. They can make copies of personal photographs and sell these copies to third parties on the internet. These people can misuse your photographs in any way that suits them. These hackers will try to know the online behavior of the victim. They will try to locate the search queries performed by the user of the computer. They will also try to know the sites visited by the user. This data is combined to know the online preferences and choices of the victim of this software. Experts recommend to remove pup.optional.legacy from the affected computer without any doubt.

pup.optional.legacy is a malicious Trojan virus which often attacks remote computers. This virus is designed by cyber copes with the intention of damaging the system brutally. It opens backdoors for remote attackers to provide access on user’s computer. It may put system at high risks and corrupt essential files and data in multiple ways. Criminals bounds users to open or download its infectious files. It’s quite difficult to detect Trojan virus though it continuously changes its location inside system. Mostly, pup.optional.legacy attack on almost every version of Windows computer. In addition, it replicates itself to go deep inside the system. So that, it can conveniently perform vulnerable activities on the system. Unfortunately, this virus lurks into the system using some form of social engineering. For example – when users open any suspicious email attachment, visiting phishing sites, downloading freeware from unknown site, sharing file over infected network etc. It hampers computer to perform evil tasks without user’s knowledge. Further, it modifies registry entry and default setting of system.

Once getting control over system, pup.optional.legacy exhibits unavoidable behavior. It recommends fake update of already installed programs or software in system. Even, it slows down system processing and interrupts normal functionality of PC including disable task manager, control panel, firewalls etc. It leaves bad impact on web browsers like Chrome/IE/Firefox to accomplish illegal tasks. For this, it alters default setting to redirect users to unknown sites. Moreover, it replaces original homepage and new tab with its fake one. What worse about this virus is that it will cause system crashes after some random freezes taking place. pup.optional.legacy additionally install unwanted browser add-ons and plugins into browsers. Further it comes along with other severe threats to put system at worst situation. Other than its annoying behavior, it monitors online activities of users such as browsing history, session ids, bookmarks, search queries, cookies etc. Then onwards, gather all credential and personal information to perform cyber crime and earn money.


Hi alicee :)

The website you copy/pasted this from is a SpyHunter affiliate. There are thousands of these (SpyHunter affiliates) and all of them try to scare you into thinking that you are infected with a dangerous malware, so you'll feel forced to open your wallet and buy SpyHunter in order to get it removed. Rest assured that a PUP.Optional.Legacy detection on a system is NOT the kind of threat that is described on that website, so you can rest easy. In fact, Malwarebytes detects SpyHunter itself as a PUP, because it uses such tactics (tries to scare users into thinking their system is infected or have issues, when they're completely fine, so the user will feel compelled to buy their program).

https://blog.malwarebytes.com/malwarebytes-news/2017/11/winning-the-battle-against-pups-on-your-computer-and-in-u-s-district-court/

This being said, can you follow the instructions in the tutorial MKDB posted, and provide me the FRST.txt and Addition.txt logs?


Thank you for explaining this to me...  I've seen various levels of explanations on many sites (and Malwarebytes blocked a LOT of the sites) when I was trying to research - or so I thought....  Although tempted, I have not downloaded any other software to combat this, I am very careful about what I download which is why I'm puzzled how this PUP got into my system in the first place...  I don't even use Extensions on Chrome or Edge and obviously keep everything updated.

When I click on the tutorial in this post I am linked back to this post, could you provide me the link for the tutorial?  Again I am a complete novice which is also why I'm panicking.  I didn't know if it's something to worry about or not since Malwarebytes didn't find it but Malwarebytes Adwcleaner did....  but my computer is showing the same symptoms as browser pop ups with threats of keylogging, changing the homepage, altering the search provider, including my computer restarting on its own several times a day at different times of the day.

I appreciate you both taking the time to help me.


Here, these instructions should do the trick.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Corley (administrator) on DESKTOP-HI3JH42 (17-03-2018 11:54:05)
Running from C:\Users\Corley\Desktop
Loaded Profiles: Corley (Available Profiles: Corley)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\jmesoft\Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 69.1.30.42 69.1.30.43
Tcpip\..\Interfaces\{12d7a9e8-594c-4768-a734-a523ed16077b}: [DhcpNameServer] 69.1.30.42 69.1.30.43
Tcpip\..\Interfaces\{37faa955-cee5-4c0d-b3f5-663d07242e21}: [DhcpNameServer] 69.1.30.42 69.1.30.43
Tcpip\..\Interfaces\{f9810487-78aa-406c-b16e-902fdb2fd791}: [DhcpNameServer] 69.1.30.42 69.1.30.43

Internet Explorer:
==================
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1307472328-3275292372-1442106660-1001 -> DefaultScope {5EA387F4-39AF-46C5-A5F8-A4B356A9B1F0} URL = 
SearchScopes: HKU\S-1-5-21-1307472328-3275292372-1442106660-1001 -> {5EA387F4-39AF-46C5-A5F8-A4B356A9B1F0} URL = 
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-06] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-06] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default [2018-03-17]
CHR Extension: (Slides) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
CHR Extension: (YouTube) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Chrome IG Story) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-03-14]
CHR Extension: (Sheets) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28]
CHR Extension: (SoundCloud Music Downloader) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfklckeeonkccgniohmlbjekdmjjg [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-10-07] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [28944 2011-05-06] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-17] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2016-01-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-09-29] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-15] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 11:54 - 2018-03-17 11:55 - 000019724 _____ C:\Users\Corley\Desktop\FRST.txt
2018-03-17 11:53 - 2018-03-17 11:54 - 000000000 ____D C:\FRST
2018-03-17 11:52 - 2018-03-17 11:52 - 002403328 _____ (Farbar) C:\Users\Corley\Desktop\FRST64.exe
2018-03-17 11:34 - 2018-03-17 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-03-17 11:32 - 2018-03-17 11:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-17 11:31 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-17 10:48 - 2018-03-17 10:48 - 000000000 ___HD C:\OneDriveTemp
2018-03-16 20:58 - 2018-03-16 20:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-16 14:23 - 2018-03-16 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 01:02 - 2018-03-17 11:31 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-15 23:56 - 2018-03-15 23:59 - 673333221 _____ (ON1) C:\Users\Corley\Downloads\Unconfirmed 863903.crdownload
2018-03-15 20:08 - 2018-03-15 20:08 - 003412930 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-15T20_08_50-05_00.zip
2018-03-15 17:21 - 2018-03-15 17:21 - 000030628 _____ C:\ProgramData\agent.uninstall.1521152484.bdinstall.bin
2018-03-15 17:18 - 2018-03-15 17:18 - 000094960 _____ C:\ProgramData\cl.1521152248.bdinstall.bin
2018-03-15 17:18 - 2018-03-15 17:18 - 000076696 _____ C:\ProgramData\cl.kit.1521152238.bdinstall.bin
2018-03-15 17:17 - 2018-03-15 17:17 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-03-15 17:14 - 2018-03-15 17:21 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-03-15 17:14 - 2018-03-15 17:14 - 000049255 _____ C:\ProgramData\agent.1521152080.bdinstall.bin
2018-03-15 17:14 - 2018-03-15 17:14 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-03-15 15:24 - 2018-03-17 10:48 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-03-15 14:06 - 2018-03-17 11:55 - 000058977 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-15 14:06 - 2018-03-15 14:31 - 000018615 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-15 14:06 - 2018-03-15 14:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-15 14:06 - 2018-03-15 14:06 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-03-15 14:06 - 2018-03-15 14:06 - 000000000 ____D C:\Users\Corley\AppData\Local\Zemana
2018-03-15 14:05 - 2018-03-15 14:06 - 006625600 _____ (Zemana Ltd. ) C:\Users\Corley\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-15 13:24 - 2018-03-17 11:40 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-15 13:24 - 2018-03-17 11:31 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-15 13:23 - 2018-03-17 11:31 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-15 13:23 - 2018-03-15 13:23 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-15 13:23 - 2018-03-15 13:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-15 13:23 - 2018-03-15 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-15 13:23 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-15 13:20 - 2018-03-15 13:21 - 069748432 _____ (Malwarebytes ) C:\Users\Corley\Downloads\Unconfirmed 793148.crdownload
2018-03-15 13:10 - 2018-03-15 13:11 - 069748432 _____ (Malwarebytes ) C:\Users\Corley\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4352.exe
2018-03-15 12:57 - 2018-03-15 12:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-03-15 12:46 - 2018-03-15 12:58 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-15 12:45 - 2018-03-15 12:45 - 011605440 _____ (SurfRight B.V.) C:\Users\Corley\Downloads\hitmanpro_x64.exe
2018-03-15 12:09 - 2018-03-16 14:30 - 000000000 ____D C:\AdwCleaner
2018-03-15 12:03 - 2018-03-15 12:03 - 008222496 _____ (Malwarebytes) C:\Users\Corley\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-15 12:02 - 2018-03-15 12:02 - 008222496 _____ (Malwarebytes) C:\Users\Corley\Downloads\adwcleaner_7.0.8.0.exe
2018-03-15 06:50 - 2018-03-15 06:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 06:50 - 2018-03-15 06:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-15 00:12 - 2018-03-15 00:12 - 004070755 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-15T00_12_10-05_00.zip
2018-03-14 14:35 - 2018-03-14 14:35 - 000071790 _____ C:\Users\Corley\Downloads\hashtags (2).xlsx
2018-03-14 14:34 - 2018-03-14 14:34 - 000029865 _____ C:\Users\Corley\Downloads\hashtags.xlsx.ods
2018-03-14 14:32 - 2018-03-14 14:32 - 000000891 _____ C:\Users\Corley\Downloads\hashtags.xlsx - Makeup - special Effect.csv
2018-03-14 14:30 - 2018-03-14 14:30 - 000071784 _____ C:\Users\Corley\Downloads\hashtags (1).xlsx
2018-03-14 13:50 - 2018-03-14 13:51 - 000000000 ____D C:\Users\Corley\AppData\Local\PlaceholderTileLogoFolder
2018-03-14 13:47 - 2018-03-14 13:47 - 000084285 _____ C:\Users\Corley\Downloads\hashtags.xlsx
2018-03-14 13:24 - 2018-03-14 13:24 - 004117940 _____ C:\Users\Corley\Downloads\engaged_Instagram_2017.pdf
2018-03-14 10:47 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 10:47 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 10:47 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 10:47 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 10:47 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 10:47 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 10:47 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 10:47 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 10:47 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 10:47 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 10:47 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 10:47 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 10:47 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:47 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 10:47 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 10:47 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 10:47 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 10:47 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 10:47 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 10:47 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 10:47 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 10:47 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 10:47 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 10:47 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 10:47 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:47 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 10:47 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 10:47 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 10:47 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 10:47 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 10:47 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 10:47 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 10:47 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 10:47 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 10:47 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 10:47 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 10:47 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 10:47 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 10:47 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 10:47 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 10:47 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 10:47 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 10:47 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 10:47 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 10:47 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 10:47 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 10:47 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 10:47 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 10:47 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 10:47 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 10:47 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 10:47 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 10:47 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 10:47 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 10:47 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 10:47 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 10:47 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 10:47 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 10:47 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 10:47 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 10:47 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 10:47 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 10:47 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 10:47 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 10:47 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 10:47 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 10:47 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 10:47 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 10:47 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 10:47 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 10:47 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 10:47 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 10:47 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 10:47 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 10:47 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 10:47 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 10:47 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 10:47 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 10:47 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 10:47 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 10:47 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 10:47 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 10:47 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 10:47 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 10:47 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 10:47 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 10:47 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 10:47 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 10:47 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 10:47 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 10:47 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 10:47 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 10:47 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 10:47 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 10:47 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 10:47 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 10:47 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 10:47 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 10:47 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 10:47 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 10:46 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 10:46 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 10:46 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 10:46 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 10:46 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 10:46 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 10:46 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 10:46 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 10:46 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 10:46 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 10:46 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 10:46 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 10:46 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 10:46 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 10:46 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 10:46 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 10:46 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 10:46 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 10:46 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 10:46 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 10:46 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 10:46 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 10:46 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 10:46 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 10:46 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 10:46 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 10:46 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 10:46 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 10:46 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 10:46 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 10:46 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 10:46 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 10:46 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 10:46 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 10:46 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 10:46 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 10:46 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 10:46 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 10:46 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 10:46 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 10:46 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 10:46 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 10:46 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 10:46 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 10:46 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 10:46 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 10:46 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 10:46 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 10:46 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 10:46 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 10:46 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 10:46 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 10:46 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 10:46 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 10:46 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 10:46 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 10:46 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 10:46 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 10:46 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 10:46 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 10:46 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 10:46 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 10:46 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 10:46 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 10:46 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 10:46 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 10:46 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 10:46 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 10:46 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 10:46 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 10:46 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 10:46 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 10:46 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 10:46 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 10:46 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 10:46 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 10:46 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 10:46 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 23:54 - 2018-03-13 23:54 - 004447928 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-13T23_54_42-05_00.zip
2018-03-12 18:19 - 2018-03-12 18:19 - 005645451 _____ C:\Users\Corley\Downloads\Book 7 (1).pdf
2018-03-12 18:18 - 2018-03-12 18:18 - 000848994 _____ C:\Users\Corley\Downloads\Book 7.pdf
2018-03-12 13:52 - 2018-03-12 18:22 - 000000000 ____D C:\Users\Corley\Documents\JARED
2018-03-12 13:40 - 2018-03-12 13:40 - 028614079 _____ C:\Users\Corley\Downloads\Copy of Book 7 PROOF.pdf
2018-03-11 22:40 - 2018-03-11 22:40 - 004006817 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-11T22_40_56-05_00.zip
2018-03-11 16:33 - 2018-03-11 16:34 - 000102527 _____ C:\Users\Corley\Downloads\InSearchofSheila-Ultimate-Hashtag-Library (1).pdf
2018-03-11 16:08 - 2018-03-11 16:08 - 000341453 _____ C:\Users\Corley\Downloads\Haute-Hashtags-by-HerPaperRoute.zip
2018-03-11 16:06 - 2018-03-11 16:06 - 000737520 _____ C:\Users\Corley\Downloads\The_2018_Strategy-Guide.pdf
2018-03-11 11:24 - 2018-03-11 11:24 - 004887941 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-11T11_24_07-05_00.zip
2018-03-11 10:43 - 2018-03-11 10:43 - 000102527 _____ C:\Users\Corley\Downloads\InSearchofSheila-Ultimate-Hashtag-Library.pdf
2018-03-08 07:26 - 2018-03-08 07:26 - 009837379 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-08T06_26_15-06_00.zip
2018-03-07 11:49 - 2018-03-07 11:49 - 000000000 ____D C:\Users\Corley\Documents\ETSY
2018-03-06 12:24 - 2018-03-14 13:53 - 000000000 ____D C:\Users\Corley\Documents\LITTLEJARSOFOLIVES
2018-03-05 13:37 - 2018-03-05 13:37 - 001933158 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-05T12_37_52-06_00.zip
2018-02-28 14:57 - 2018-02-28 14:57 - 000051817 _____ C:\Users\Corley\Downloads\Write_Captions_that_Convert.pdf
2018-02-28 14:57 - 2018-02-28 14:57 - 000051817 _____ C:\Users\Corley\Downloads\Write_Captions_that_Convert (1).pdf
2018-02-28 14:27 - 2018-02-28 14:27 - 001396059 _____ C:\Users\Corley\Downloads\Your_Guide_To_Building_a_Social_Media_Strategy_-_The_Socialite_Media-ilovepdf-compressed.pdf
2018-02-23 18:10 - 2018-03-09 17:29 - 000014760 _____ C:\Users\Corley\Downloads\steaokout6.odt
2018-02-23 12:07 - 2018-02-23 12:07 - 000988352 _____ C:\Users\Corley\Downloads\keepvid-pro-desktop_setup_full2957.exe
2018-02-22 15:09 - 2018-02-22 15:09 - 000028008 _____ C:\Users\Corley\Downloads\123 Anywhere St.,Any City, State, Country 12345123-456-7890hello@reallygreatsite.com.pdf
2018-02-22 11:20 - 2018-02-22 11:20 - 000456306 _____ C:\Users\Corley\Downloads\file-21 (1).jpeg
2018-02-22 11:20 - 2018-02-22 11:20 - 000385809 _____ C:\Users\Corley\Downloads\file-22 (1).jpeg
2018-02-22 11:20 - 2018-02-22 11:20 - 000299871 _____ C:\Users\Corley\Downloads\file-20 (1).jpeg
2018-02-22 11:19 - 2018-02-22 11:19 - 000480944 _____ C:\Users\Corley\Downloads\file-19 (1).jpeg
2018-02-22 11:18 - 2018-02-22 11:18 - 001122531 _____ C:\Users\Corley\Downloads\file-18 (1).jpeg
2018-02-22 11:18 - 2018-02-22 11:18 - 000563974 _____ C:\Users\Corley\Downloads\file-17 (1).jpeg
2018-02-22 11:18 - 2018-02-22 11:18 - 000360525 _____ C:\Users\Corley\Downloads\file-16 (1).jpeg
2018-02-22 11:17 - 2018-02-22 11:17 - 000828752 _____ C:\Users\Corley\Downloads\file-14 (1).jpeg
2018-02-22 11:17 - 2018-02-22 11:17 - 000811011 _____ C:\Users\Corley\Downloads\file-15 (1).jpeg
2018-02-22 11:17 - 2018-02-22 11:17 - 000694914 _____ C:\Users\Corley\Downloads\file-13 (1).jpeg
2018-02-22 11:16 - 2018-02-22 11:16 - 000697955 _____ C:\Users\Corley\Downloads\file-12 (1).jpeg
2018-02-22 11:16 - 2018-02-22 11:16 - 000693613 _____ C:\Users\Corley\Downloads\file-11 (2).jpeg
2018-02-22 11:15 - 2018-02-22 11:15 - 000624142 _____ C:\Users\Corley\Downloads\file-10 (1).jpeg
2018-02-22 11:15 - 2018-02-22 11:15 - 000609827 _____ C:\Users\Corley\Downloads\file-9 (1).jpeg
2018-02-22 11:14 - 2018-02-22 11:14 - 000653622 _____ C:\Users\Corley\Downloads\file-8 (1).jpeg
2018-02-22 11:14 - 2018-02-22 11:14 - 000279805 _____ C:\Users\Corley\Downloads\file-7 (1).jpeg
2018-02-22 11:13 - 2018-02-22 11:13 - 000515574 _____ C:\Users\Corley\Downloads\file-6 (1).jpeg
2018-02-22 11:13 - 2018-02-22 11:13 - 000379550 _____ C:\Users\Corley\Downloads\file-4 (1).jpeg
2018-02-22 11:13 - 2018-02-22 11:13 - 000311854 _____ C:\Users\Corley\Downloads\file-5 (1).jpeg
2018-02-22 11:12 - 2018-02-22 11:12 - 000396485 _____ C:\Users\Corley\Downloads\file-2 (1).jpeg
2018-02-22 11:12 - 2018-02-22 11:12 - 000312794 _____ C:\Users\Corley\Downloads\file-3 (1).jpeg
2018-02-22 11:11 - 2018-02-22 11:11 - 000437946 _____ C:\Users\Corley\Downloads\file-1 (2).jpeg
2018-02-22 11:11 - 2018-02-22 11:11 - 000397767 _____ C:\Users\Corley\Downloads\file (3).jpeg
2018-02-22 11:09 - 2018-02-22 11:09 - 000397767 _____ C:\Users\Corley\Downloads\file (2).jpeg
2018-02-21 09:40 - 2018-03-13 14:39 - 000000000 ____D C:\Users\Corley\Documents\PAMELIA
2018-02-18 23:16 - 2018-02-18 23:16 - 003698270 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-02-18T22_16_52-06_00.zip
2018-02-17 01:29 - 2018-03-01 13:05 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-15 15:02 - 2018-02-15 15:02 - 000637688 _____ C:\Users\Corley\Downloads\raisamrn-2018-02-15T14_02_46-06_00.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 11:38 - 2016-11-17 08:01 - 000565654 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-17 11:33 - 2017-09-30 15:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-17 11:33 - 2016-01-10 03:41 - 000000000 ___RD C:\Users\Corley\OneDrive
2018-03-17 11:32 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-17 11:31 - 2017-11-30 22:05 - 000000000 ____D C:\Users\Corley
2018-03-17 11:31 - 2017-10-08 14:45 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-03-17 11:30 - 2017-11-30 22:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-17 11:30 - 2017-11-30 22:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-17 10:56 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-17 10:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-17 10:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-17 10:52 - 2017-11-30 22:37 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D65D895-1BE6-4D96-8A8A-8D0F469BF83A}
2018-03-17 01:19 - 2017-11-30 22:05 - 000000000 ____D C:\Users\Corley\AppData\Local\Packages
2018-03-16 14:24 - 2016-05-04 19:27 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-16 13:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 10:13 - 2017-11-30 22:25 - 001479180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-16 01:01 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-16 01:00 - 2017-06-01 20:33 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-16 00:01 - 2017-11-14 13:59 - 000000000 ____D C:\ProgramData\ON1
2018-03-15 21:12 - 2017-11-14 14:00 - 000000000 ____D C:\Users\Corley\AppData\Roaming\ON1
2018-03-15 21:01 - 2018-01-29 17:37 - 000000000 ____D C:\Users\Corley\AppData\Local\osu!
2018-03-15 20:59 - 2017-09-30 16:03 - 000000000 ____D C:\Users\Corley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-15 17:32 - 2017-11-17 18:19 - 000000000 ____D C:\Users\Corley\AppData\Local\Battle.net
2018-03-15 17:32 - 2017-10-16 17:32 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-15 13:12 - 2016-10-18 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-15 12:32 - 2016-04-28 12:50 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-15 12:32 - 2016-04-28 12:50 - 000002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-14 23:15 - 2017-11-30 23:09 - 000000000 ___RD C:\Users\Corley\3D Objects
2018-03-14 23:15 - 2015-07-16 10:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 23:13 - 2017-11-30 21:59 - 000365904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 13:54 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 13:48 - 2016-01-11 13:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 13:45 - 2017-10-10 16:11 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 13:45 - 2016-01-11 13:39 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 12:16 - 2017-09-29 03:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-03-14 10:49 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 10:49 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-12 22:39 - 2016-01-09 13:11 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-11 10:45 - 2017-11-26 18:37 - 000000000 ____D C:\Users\Corley\Downloads\SOCIAL MANAGER
2018-03-07 16:49 - 2017-11-30 22:37 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1307472328-3275292372-1442106660-1001
2018-03-07 16:49 - 2016-01-10 03:41 - 000002377 _____ C:\Users\Corley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 08:40 - 2017-10-05 10:59 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-03-02 08:40 - 2017-10-05 10:59 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-03-02 08:40 - 2017-10-05 10:59 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-03-01 08:19 - 2016-01-09 13:11 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-01 08:18 - 2017-11-30 22:37 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-03-01 08:18 - 2017-11-30 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-03-01 08:17 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-01 08:16 - 2015-09-01 20:08 - 000000000 ____D C:\ProgramData\McAfee
2018-02-28 09:04 - 2017-11-30 22:37 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-02-27 21:09 - 2017-11-17 18:20 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-02-26 21:03 - 2017-11-30 22:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 12:19 - 2016-08-17 13:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-09-21 12:56 - 2016-09-21 13:15 - 000001456 _____ () C:\Users\Corley\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-11-14 12:04 - 2017-11-14 12:04 - 000000883 _____ () C:\Users\Corley\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-03-15 13:43 - 2018-03-15 12:45 - 011605440 _____ (SurfRight B.V.) C:\Users\Corley\AppData\Local\Temp\HitmanPro.exe
2018-03-16 00:02 - 2017-03-13 13:46 - 001600592 _____ (ON1, Inc.) C:\Users\Corley\AppData\Local\Temp\ON1Wait.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-12 19:16

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Corley (17-03-2018 11:56:17)
Running from C:\Users\Corley\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-01 03:39:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1307472328-3275292372-1442106660-500 - Administrator - Disabled)
Corley (S-1-5-21-1307472328-3275292372-1442106660-1001 - Administrator - Enabled) => C:\Users\Corley
DefaultAccount (S-1-5-21-1307472328-3275292372-1442106660-503 - Limited - Disabled)
Guest (S-1-5-21-1307472328-3275292372-1442106660-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1307472328-3275292372-1442106660-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{636C397D-3A6D-BB86-22E8-39451D079E76}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{C7C5C180-248D-4CF4-8636-4568DE8EDC3B}) (Version: 19.1.0.419 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{C7C5C180-248D-4CF4-8636-4568DE8EDC3B}) (Version: 19.1.419 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{58EA2241-5840-4C95-A5A5-82FD2F037D72}) (Version: 19.1.419 - Corel Corporation) Hidden
Corel Painter 2018 - EN (HKLM\...\{DE7A8D8C-B182-4D28-A996-BD339EF7DEBD}) (Version: 18.1 - Corel Corporation) Hidden
Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0716 - Lenovo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
nugster 1.47 (HKLM\...\nugster) (Version: 1.47 - Nugs, Inc.)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Windows Driver Package - Genesys Logic (GeneStor) USB  (07/13/2015 4.5.0.6) (HKLM\...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic)
Windows Driver Package - Realtek (rt640x64) Net  (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth  (06/11/2015 1.3.868.3) (HKLM\...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net  (07/09/2015 2023.14.0615.2015) (HKLM\...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-07] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DAC141-3423-4F33-80BF-0FEDFCCF42E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {05F65F79-880F-43AA-8558-4DCFF9B47CC2} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {1277F15B-7891-4B20-94D8-A19C1869B44A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
Task: {1ADF2618-1B9A-4B6F-9EE5-14953E8EA1BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {1ED51F65-E8E0-4F4F-A569-4EA25A284FB3} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
Task: {2E44E269-2419-4C64-82F4-D2ED3B31C0CE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9c10b7cf-dbc1-49f0-91f7-8a69ea83030a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {3487FC48-FD2F-4CB8-BAA5-E8BA30293D01} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {3DB26126-BB15-4FF9-B229-3967443F1214} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {4049651A-4D30-4740-B17E-102D31F0E2DA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {51D97A9E-1E5E-42AD-8757-6857FB99784B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-04] (Dropbox, Inc.)
Task: {59BDBD30-80E8-4E76-B66E-5B67738CF720} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited)
Task: {5F6D7120-19D5-4F66-9002-C448D2007AA9} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {76BF5778-42F5-4DDE-8821-B3A750D8A6F5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {7D48B7EB-6C7A-415C-BA68-79F471FA9B0B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-01-12] (Lenovo)
Task: {877C5E19-76CF-43E5-9216-6FE7FC993E51} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
Task: {8AA51AC2-1E2F-46ED-A074-73003FCE8F2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {8D086B38-F625-44E8-A3E1-8C557BFF2391} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2f1729d9-1861-41e5-81d5-1d61b4b95159 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {8EC745A8-90D4-4F08-8FA9-E55CD7CB8E8A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
Task: {8ECC11CA-4C2E-4E2B-BEB2-EC074B0300A1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {928A88AF-3CE8-4757-AC04-F232F695B044} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {9BBEB0A5-019B-47D9-8967-476AB0CD9872} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\69cfe95a-84ab-482f-969c-9e8b26e50e30 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {9DCA2EE1-4AF3-4B47-9FBE-1FD08450212E} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {9F4619DF-8E89-4482-BCCB-5154BDE04D26} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-bacbc@live.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {ADDB5F56-7DB0-4B75-BE8C-938DF5AC56B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e73b64e-7e12-406b-a9bf-4b2f4b92663f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {B07B877D-A2AE-48B7-AE32-28B30DF4D431} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {BD088AA6-DCEF-4C82-947B-0113B18DE359} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-03-14] (Microsoft Corporation)
Task: {D644F850-B2DA-4FF3-B687-82D3E3030040} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {D86CF71E-5CAF-484C-AE34-C55B3423E644} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {D88358DA-D98F-475B-966C-C2EEEB808F51} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {DE23472B-A5CC-411F-944E-0C60411CBA31} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-04] (Dropbox, Inc.)
Task: {F7BA9D9F-562D-4D74-B7D8-2DAAB9693CCB} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {FAECD5F2-9E23-4340-953A-9B9411536739} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-01 21:01 - 2011-08-16 22:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2018-03-15 13:23 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-15 13:23 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-28 16:04 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-06-28 16:04 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2016-01-15 16:24 - 2016-01-15 16:24 - 000043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2018-03-14 10:46 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 10:47 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-01 20:58 - 2015-07-15 05:54 - 000053832 _____ () C:\Windows\SysWOW64\UMonit64.exe
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-16 10:15 - 2018-03-16 10:15 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 10:15 - 2018-03-16 10:15 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 10:15 - 2018-03-16 10:15 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 10:15 - 2018-03-16 10:15 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 10:15 - 2018-03-16 10:15 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-15 12:32 - 2018-03-12 19:39 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libglesv2.dll
2018-03-15 12:32 - 2018-03-12 19:39 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libegl.dll
2018-03-16 14:23 - 2018-03-15 06:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-16 14:23 - 2018-03-15 06:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-05-04 19:28 - 2018-03-15 06:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-04 19:28 - 2018-03-15 06:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-04 19:28 - 2018-03-15 06:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 13:22 - 2018-03-15 06:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-05-04 19:28 - 2018-03-15 06:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 13:22 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 15:11 - 2018-03-15 06:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:08 - 2018-03-15 06:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 14:02 - 2018-03-15 06:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-05-04 19:28 - 2018-03-15 06:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 14:19 - 2018-03-15 06:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 17:47 - 2018-03-15 06:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-05-04 19:28 - 2018-03-15 06:53 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-23 17:47 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 17:47 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 17:47 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-04 19:28 - 2018-03-15 06:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-05-04 19:28 - 2018-03-15 06:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-03-16 14:23 - 2018-03-15 06:52 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-03-16 14:23 - 2018-03-15 06:50 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-10 16:49 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 16:41 - 2018-03-15 06:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-16 14:23 - 2018-03-15 06:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 13:22 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-16 14:23 - 2018-03-15 06:52 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-12-19 16:33 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-12-19 16:33 - 2017-09-12 11:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 69.1.30.42 - 69.1.30.43
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C63DDC2C-5F32-47C3-A174-E18F24E279D0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{E8DDF0BF-B0D6-4492-BBBA-79F920840A36}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{2BA9590D-5403-4EDB-871B-BE686DEA10C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27487738-FEE7-488B-96DD-640268A4A096}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{79462FF8-E6F2-4AD5-831E-5D6B765FA756}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB491267-4CDB-4C13-B861-FDCF8EE528B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1E0FC61-5DBD-47C8-8CD4-D3D0BDC1615D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{71DF934E-9891-472C-B903-EB680D97313D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{F6A15DD9-5425-4731-9DF9-23B1F979D436}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DFF573E9-AF86-411F-9D59-A4E716F88822}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8E2286A-8F96-404A-A726-1B8B650D287B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7CBAA03-40DD-4FFC-BAD4-3091A9C4333D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92A6DD2B-7EB9-4923-AD58-712A61626947}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF007A4E-C3D0-429B-9D9C-D432ED3B4E5B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{8BE0293E-9B51-4954-ACDE-1342916C2916}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C2FEF171-3086-46A5-9F65-EB347A5827DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BEB20035-2168-4AED-9A79-A7988BD0730C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

03-03-2018 20:12:57 Scheduled Checkpoint
13-03-2018 11:14:48 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2018 11:31:00 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/17/2018 01:20:55 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/17/2018 01:20:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/16/2018 01:07:58 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/16/2018 01:07:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/16/2018 01:07:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/16/2018 01:01:45 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/16/2018 12:59:32 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (03/17/2018 11:48:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HI3JH42)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-HI3JH42\Corley SID (S-1-5-21-1307472328-3275292372-1442106660-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/17/2018 11:38:49 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:47 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:44 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:42 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:39 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:37 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca

Error: (03/17/2018 11:38:34 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42)
Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca


CodeIntegrity:
===================================

Date: 2018-03-17 11:47:46.774
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:47:46.771
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:46:50.592
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:46:50.589
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:39:32.691
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:39:32.687
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:38:58.018
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:38:58.013
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G 
Percentage of memory in use: 50%
Total physical RAM: 7093.18 MB
Available physical RAM: 3530.14 MB
Total Virtual: 7541.18 MB
Available Virtual: 3974.92 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:708.23 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{92bdd0df-4e3e-4023-bb3e-cce98ae1fd2d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{1a88f718-4da7-465f-b1a1-0023dd71a27e}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{af5a3719-23a7-4db6-988a-d500a46caabb}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:17.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5664B4E4)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

I don't see any traces of infection in your logs.

Quote

but my computer is showing the same symptoms as browser pop ups with threats of keylogging, changing the homepage, altering the search provider, including my computer restarting on its own several times a day at different times of the day.

Could you expand on that?

Where do you see threats of keylogging? What website is your homepage getting changed to? Same for the search provider. And is your computer restarting randomly when you use it?

Link to post
Share on other sites

A warning pops up occasionally with a (presumably) fake Microsoft number, claiming there's a keylogger that can access my bank account information and to call Microsoft right away...  it's a bright red screen.  I always start the Task Manager to close the browser (appears only in Edge browser).  When it happens again I will screenshot it before closing it.  

My computer restarts ONLY while I'm using it and it's ALWAYS at the worst time such as when I'm typing a document that fortunately can be recovered but odd that it restarts at the worst possible time, several times a day.

My homepage gets changed to a different search engine automatically several times a week - SafeSecure I believe or SecureSearch - I'll make sure to screenshot that as well when it happens again...

I'm relieved that you don't see any traces of infection however why are there so many "ERRORS" in the log - is that normal?

Also I looked at my Programs and there are 3 Programs that I don't know if they should be removed or not - I do not remember installing them but unsure if anything uses them:

Ghostscript GPL 8.64 (Msi Setup)

Nugster 1.47

Wondershare Helper Compact 2.6.0

I appreciate your help and would like to Donate for the time that you've spent helping me.

Link to post
Share on other sites

Quote

A warning pops up occasionally with a (presumably) fake Microsoft number, claiming there's a keylogger that can access my bank account information and to call Microsoft right away...  it's a bright red screen.  I always start the Task Manager to close the browser (appears only in Edge browser).  When it happens again I will screenshot it before closing it.  

These are fake technical support scams. They are often caused by malvertising. This can be prevented by installing a good adblocker in your web browser. Sadly, uBlock Origin isn't available on Internet Explorer. So you would have to use something like Adblock Plus.

Quote

My computer restarts ONLY while I'm using it and it's ALWAYS at the worst time such as when I'm typing a document that fortunately can be recovered but odd that it restarts at the worst possible time, several times a day.

Is it restarting normally, or does it just shut down without warning (like if the power was shut down) and then reboot?

Quote

I'm relieved that you don't see any traces of infection however why are there so many "ERRORS" in the log - is that normal?

Every computer will throw errors, for whatever reason. I looked at yours, and they aren't critical. Most of them are caused by a Windows App not working properly, and an AMD service failing to start properly.

Quote

My homepage gets changed to a different search engine automatically several times a week - SafeSecure I believe or SecureSearch - I'll make sure to screenshot that as well when it happens again...

Please do. Though I have a feeling that this is caused by McAfee SiteAdvisor.

https://community.mcafee.com/t5/WebAdvisor/Search-engine-switching-to-Yahoo/td-p/471356

Quote

Also I looked at my Programs and there are 3 Programs that I don't know if they should be removed or not - I do not remember installing them but unsure if anything uses them:

You can uninstall these. Ghostscript is mainly used for fonts and interpreters while that Wondershare Compact Helper seems to be related to their products. A lot of users have it installed, but don't know why.

Quote

I appreciate your help and would like to Donate for the time that you've spent helping me.

No problem :) I can send you my Paypal address once we're done working on your system.

Link to post
Share on other sites
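Added example, not part of the original posts: one way to triage the "Event log errors" and "CodeIntegrity" sections of an FRST Addition.txt like the one above is to group the entries by source and event ID, so that a long run of errors collapses into a few distinct causes. The sample log is constructed in the same layout (host name, user and CLSID are placeholders), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of FRST's Addition.txt (placeholder host/user/CLSID).
SAMPLE = r"""
==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2018 11:31:00 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (03/17/2018 01:20:55 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (03/17/2018 11:48:32 AM) (Source: DCOM) (EventID: 10016) (User: EXAMPLE-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{00000000-0000-0000-0000-000000000000}
 to the user EXAMPLE-PC\user

Error: (03/17/2018 11:38:49 AM) (Source: DCOM) (EventID: 10001) (User: EXAMPLE-PC)
Description: Unable to start a DCOM Server: Example.App as Unavailable/Unavailable. The error:
"2"

Error: (03/17/2018 11:38:47 AM) (Source: DCOM) (EventID: 10001) (User: EXAMPLE-PC)
Description: Unable to start a DCOM Server: Example.App as Unavailable/Unavailable. The error:
"2"


CodeIntegrity:
===================================

Date: 2018-03-17 11:47:46.774
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 11:47:46.771
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: example
"""

SECTION_RE = re.compile(r"^(Application errors|System errors|CodeIntegrity):$")
ERROR_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)"
)
DATE_RE = re.compile(r"^Date: (?P<when>\S+ \S+)")
CI_MODULE_RE = re.compile(r"attempted to load (?P<module>.+?) that did not meet")


def parse_events(text):
    """Return one dict per event found in the three event sub-sections."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current entry
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        if line.startswith("==="):
            if line.strip("= "):          # banner with text: a different report section
                section, current = None, None
            continue                      # bare "=====" underline: ignore
        if section is None:
            continue
        m = ERROR_RE.match(line)
        if m:
            current = {"section": section, "source": m["source"],
                       "event_id": int(m["event_id"]), "when": m["when"],
                       "description": ""}
            events.append(current)
            continue
        m = DATE_RE.match(line)
        if m and section == "CodeIntegrity":
            current = {"section": section, "source": "CodeIntegrity",
                       "event_id": None, "when": m["when"], "description": ""}
            events.append(current)
            continue
        if current is not None:           # description text, possibly multi-line
            part = line[len("Description:"):].strip() if line.startswith("Description:") else line
            if part:
                current["description"] = (current["description"] + " " + part).strip()
    return events


def summarize(events):
    """Count events per (source, event ID), most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()


def blocked_modules(events):
    """Count the modules named in CodeIntegrity entries."""
    mods = Counter()
    for e in events:
        m = CI_MODULE_RE.search(e["description"]) if e["section"] == "CodeIntegrity" else None
        if m:
            mods[m["module"]] += 1
    return mods


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for (source, event_id), n in summarize(evts):
        print(f"{n:3d}  {source}  {event_id}")
    for module, n in blocked_modules(evts).items():
        print(f"{n:3d}  blocked load: {module}")
```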

Malvertising - I guess there's not much to do against that aside from what you suggested with Adblock Plus?  I was concerned that the PUP.Optional.Legacy was causing ALL of the "problems" that I've stated, but apparently it's not always "bad" when that particular PUP shows up?  Again, Malwarebytes didn't "catch" it so I felt like perhaps it wasn't as big of a concern but when Adwcleaner picked it up I was concerned...

The computer restarts without any warning - most of the time it reboots on its own as if I restarted it (but didn't!) but occasionally it shuts down completely and does not restart on its own.  

I'll be sure to take screenshots of anything that appears from this point forward.  I wish I had thought to do that but I always rush in a panic to get it off the screen as fast as I can.  Sometimes there's a robotic voice that reads what's on the screen and sometimes not. 

I'll consider deleting those three programs.  If I don't NEED them, then I don't particularly want them, but being a complete novice I don't want to uninstall the wrong program and lead to bigger problems.  I don't know if it's true or not, but I read that Wondershare can be malware and perhaps that's what's causing the malvertising?  But I don't know?

I really appreciate your patience with me!

 

 

Link to post
Share on other sites

Quote

Malvertising - I guess there's not much to do against that aside from what you suggested with Adblock Plus?

There isn't sadly. You could always use your hosts file to add domains used by advertisers, so it'll prevent them from loading and reduces the chances of being hit with malvertising. Honestly, using Google Chrome or another web browser that supports uBlock Origin would be a better idea.

Quote

Again, Malwarebytes didn't "catch" it so I felt like perhaps it wasn't as big of a concern but when Adwcleaner picked it up I was concerned...

I looked into the detection from AdwCleaner, and on its own, it's not dangerous. Seems to be a remnant from a past infection.

Quote

The computer restarts without any warning - most of the time it reboots on its own as if I restarted it (but didn't!) but occasionally it shuts down completely and does not restart on its own.  

This could be an issue with the power supply in that case. Looks more like a hardware issue than software to me if it shuts down as if the power was going out.

Quote

I'll be sure to take screenshots of anything that appears from this point forward.  I wish I had thought to do that but I always rush in a panic to get it off the screen as fast as I can.  Sometimes there's a robotic voice that reads what's on the screen and sometimes not. 

Some tech support scam webpages do that, to add another kind of "effect", yes.

Quote

I'll consider deleting those three programs.  If I don't NEED them, then I don't particularly want them, but being a complete novice I don't want to uninstall the wrong program and lead to bigger problems.  I don't know if it's true or not, but I read that Wondershare can be malware and perhaps that's what's causing the malvertising?  But I don't know?

I haven't encountered any malicious programs from Wondershare, but as stated above, a lot of users seem to end up with the Helper Compact installed and they don't know why, so they ask about it online.

Link to post
Share on other sites

That's right, yes :)

Malwarebytes Premium alongside uBlock Origin in a good web browser such as Google Chrome will reduce the risks of malvertising by a lot. On top of staying away from suspicious websites, and avoiding clicking on fake buttons, ads, etc. I personally use HTTPS Everywhere, Web of Trust and uBlock Extra (for uBlock Origin) as well. Oh, and LastPass. But that's me.

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
